BSidesSF 2019 has ended
Monday, March 4 • 3:30pm - 4:00pm
You Might Still Need Patches for Your Denim, but You No Longer Need Them for Prod

In this talk, Maya and Dan will cover what changes in your patch management story if you use containers instead of virtual machines in production. Containers are meant to be immutable and short-lived—so they're frequently redeployed. Rather than pushing individual code changes, you rebuild and redeploy the whole container image. Processes that take place passively, like patching, can be going on constantly, with the latest images kept in your image registry. As a result, the new container image is fully patched and can be rolled out or rolled back as one unit, so that the patch rollout process becomes the same as your (obviously very frequent) code rollout process, with monitoring, canarying, testing, and lots of SREs in tight black ripped jeans. No more Sunday 2am patching windows!
You’ll learn what containers are, why patching is different for containers, best practices for maintaining your container images and patches as part of an image registry, how Google has used a containerized infrastructure to its advantage to patch critical vulnerabilities like Spectre with no downtime, and that despite trying we can’t make jean jackets cool again.

Maya Kaczorowski

Product Manager, Software Supply Chain Security, Tailscale
Maya is a Product Manager at Tailscale, providing secure networking for the long tail. She was most recently at GitHub in software supply chain security, and previously at Google working on container security, encryption at rest and encryption key management. Prior to Google, she...

Dan Lorenc

CEO, Chainguard
Dan has been working on and worrying about containers since 2015 as an engineer and manager. He started projects like Minikube, Skaffold, and Kaniko to make containers easy and fun, then got so worried about the state of OSS supply-chains he partnered up with Kim and others to f...

Monday March 4, 2019 3:30pm - 4:00pm PST