Shift left, seriously.
source link: https://changelog.com/podcast/575
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Changelog Interviews – Episode #575
Shift left, seriously.
with Deepak Prabhakara & Schalk Neethling from BoxyHQ
Brought to you by
This week we’re going deep on security and what it takes to shift left, seriously. Adam is joined by Justin Garrison (co-host of Ship It), plus two members of the BoxyHQ team — Deepak Prabhakara, Co-founder & CEO and Schalk Neethling, Community Manager and DevRel as well as fellow Changelog Slack member.
We discuss how to shift left, the role of the developer and the burden of security, the importance of tooling, the difference between authentication and authorization, and a mindset change for when security takes place — it’s a matter of “when” not “who.”
- 88 minutes
- Recorded Jan 17, 2024
- Published Jan 26, 2024
- Download (85MB)
- Transcript
- 🎧 13,671
Sponsors
Vercel – With zero configuration for over 35 frameworks, Vercel’s Frontend Cloud makes it easy for any team to deploy their apps. Today, you can get a 14-day free trial of Vercel Pro, or get a customized Enterprise demo from their team. Visit vercel.com/changelogpod to get started.
Synadia – Take NATS to the next level via a global, multi-cloud, multi-geo and extensible service, fully managed by Synadia. They take care of all the infrastructure, management, monitoring, and maintenance for you so you can focus on building exceptional distributed applications.
Read Write Own – Read, Write, Own: Building the Next Era of the Internet—a new book from entrepreneur and investor Chris Dixon—explores one possible solution to the internet’s authenticity problem: Blockchains. From AI that tracks its source material to generative programs that compensate—rather than cannibalize—creators. It’s a call to action for a more open, transparent, and democratic internet. One that opens the black box of AI, tracks the origins we see online, and much more. Order your copy of Read, Write, Own today at readwriteown.com
Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
Chapters
| 1 | 00:00 |
This week on The Changelog |
| 2 | 01:23 | |
| 3 | 04:53 |
Shift left! |
| 4 | 07:35 |
Shift lift, no more right? |
| 5 | 09:22 |
Too much burden on devs? |
| 6 | 14:23 |
There's too much tooling |
| 7 | 18:42 |
So, who does security? |
| 8 | 21:08 |
Secure defaults |
| 9 | 26:37 |
Auth for BoxyHQ |
| 10 | 29:37 |
Right vs wrong auth |
| 11 | 33:54 | |
| 12 | 38:13 |
Security as code |
| 13 | 42:27 |
Justin's first automation |
| 14 | 49:02 |
Tooling to reconcile security |
| 15 | 55:01 | |
| 16 | 56:22 |
It's when, not who. |
| 17 | 59:35 |
Minimum Viable Security Product |
| 18 | 1:02:22 |
I can point to the drive |
| 19 | 1:03:36 |
Build vs buy? |
| 20 | 1:07:39 |
SaaS Vs boxed software |
| 21 | 1:10:28 |
Can you hire for that? |
| 22 | 1:12:20 |
Adam loves Pipedrive (btw) |
| 23 | 1:13:53 |
We're not doing everything |
| 24 | 1:18:29 |
Why is BoxyHQ open source? |
| 25 | 1:21:00 |
How to be open and open to contribs? |
| 26 | 1:22:13 |
Digging into commits |
| 27 | 1:23:23 |
Gaming LOCs |
| 28 | 1:24:07 |
Wrapping up |
| 29 | 1:25:41 |
Up next |
Transcript
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK