Statscraft TLV: Monitoring conference for Ops, developers, PMs and everyone else
Our talk: A log story
At a company that runs 4000+ automated integration test cases handling many external systems - from Selenium for testing, through networking equipment, and packet generation, like many companies, we used to pass/fail as the sole indicator for our testing quality gate. Due to a whole bunch of external factors such as connectivity and stability of third-party systems, our pass rate was consistently lowered, until 70% became the average pass rate. We knew that this was almost as bad as a coin toss, and decided to dig deeper & solve this technical debt from the source, once and for all. By investigating the logs using log analysis tools to detect patterns in the failed and passing tests, we were then able to build dashboards to help track the trends. Based on these we went to work building a smarter framework for exception classification, that enabled us to create the right tools that ultimately helped us to increase our quality gate to 98%, with a much more detailed view of every test run and easy debugging of external issues. This talk will walk you through this use case from the problem, through the final implementation, and how to think about solving similar problems in your systems.
Agenda
Let's face it - now that we're a few years past the whole "shift left" trend, we can honestly say it has largely failed when considering security debt. Instead of solving issues earlier in the cycle, which was at the premise of the “shift left” promise, we mostly shifted the problem left. To date, security has largely been a source of friction between development and security teams––and fostering a proactive security culture among developers is still the holy grail a lot of companies are dreaming about without really managing to reach it. That's because this mindset needs a hard reset. We need to look at security completely differently. Security should not and cannot be decoupled from product quality - notably because developers are measured on code quality and velocity and not on how secure their code is. In the same way that our product's usability is a first-order engineering concern, security should be regarded in the exact same way. In this talk, I'll share some lessons learned and the way to bridge the gap between security and engineering, by changing the way it is viewed and implemented in current processes.
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna