Brian Sletten

Forward Leaning Software Engineer @ Bosatsu Consulting

Brian Sletten is a liberal arts-educated software engineer with a focus on forward-leaning technologies. His experience has spanned many industries including retail, banking, online games, defense, finance, hospitality and health care. He has a B.S. in Computer Science from the College of William and Mary and lives in Auburn, CA. He focuses on web architecture, resource-oriented computing, social networking, the Semantic Web, AI/ML, data science, 3D graphics, visualization, scalable systems, security consulting and other technologies of the late 20th and early 21st Centuries. He is also a rabid reader, devoted foodie and has excellent taste in music. If pressed, he might tell you about his International Pop Recording career.

Presentations

Automating Security Fixes with OpenRewrite

Security problems empirically fall into two categories: bugs and flaws. Roughly half of the problems we encounter in the wild are bugs and about half are design flaws. A significant number of the bugs can be found through automated testing tools which frees you up to focus on the more pernicious design issues. 

In addition to detecting the presence of common bugs, as we have done with static analysis for years, we can also automate the application of corrective refactoring. In this talk, I will discuss using OpenRewrite and the Moderne CLI to fix common security issues and keep them from coming back.

In this talk we will focus on:

  • Introducing the OpenRewrite OSS framework and demonstrating how it can automate common code remediation tasks.
  • Using OpenRewrite and the Moderne CLI to automatically identify and fix known security vulnerabilities, including:
      • Common Java flaws
      • OWASP Top Ten issues
      • Common Spring issues
      • Credentials checked into source control
  • Integrating security scans with OpenRewrite for continuous improvement.
  • Writing custom recipes to define your own security policies.
  • Freeing up your time for larger concerns by dealing with the pedestrian but time-consuming security bugs.
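As an added illustration of what a custom security-policy recipe looks like (this is not code from the talk or from the OpenRewrite project), the following Java class is a hypothetical recipe that rewrites `MessageDigest.getInstance("MD5")` and `MessageDigest.getInstance("SHA-1")` calls to `SHA-256`. The class name, the set of algorithm names treated as weak and the replacement algorithm are assumptions; the framework types it uses (`Recipe`, `JavaIsoVisitor`, `MethodMatcher`, `J.Literal`) are OpenRewrite's own.

```java
package com.example.security;

import org.openrewrite.ExecutionContext;
import org.openrewrite.Recipe;
import org.openrewrite.TreeVisitor;
import org.openrewrite.java.JavaIsoVisitor;
import org.openrewrite.java.MethodMatcher;
import org.openrewrite.java.tree.Expression;
import org.openrewrite.java.tree.J;

import java.util.List;
import java.util.Set;

/**
 * Hypothetical custom recipe (added example, not part of the talk): rewrites
 * MessageDigest.getInstance("MD5") / getInstance("SHA-1") to getInstance("SHA-256")
 * wherever the algorithm name is a string literal. Non-literal arguments are
 * deliberately left untouched so the recipe never guesses at runtime values.
 */
public class ReplaceWeakMessageDigest extends Recipe {

    // Matches the single-argument overload: MessageDigest.getInstance(String algorithm)
    private static final MethodMatcher GET_INSTANCE =
            new MethodMatcher("java.security.MessageDigest getInstance(java.lang.String)");

    // Assumed organisational policy: digests considered too weak for integrity use.
    private static final Set<String> WEAK = Set.of("MD2", "MD5", "SHA", "SHA1", "SHA-1");

    // Assumed replacement algorithm.
    private static final String REPLACEMENT = "SHA-256";

    @Override
    public String getDisplayName() {
        return "Replace weak MessageDigest algorithms with SHA-256";
    }

    @Override
    public String getDescription() {
        return "Rewrites `MessageDigest.getInstance(\"MD5\")` and `MessageDigest.getInstance(\"SHA-1\")` "
             + "to `MessageDigest.getInstance(\"SHA-256\")` when the algorithm name is a string literal.";
    }

    @Override
    public TreeVisitor<?, ExecutionContext> getVisitor() {
        return new JavaIsoVisitor<ExecutionContext>() {
            @Override
            public J.MethodInvocation visitMethodInvocation(J.MethodInvocation method, ExecutionContext ctx) {
                // Visit children first so nested invocations are handled too.
                J.MethodInvocation m = super.visitMethodInvocation(method, ctx);
                if (!GET_INSTANCE.matches(m)) {
                    return m;
                }
                List<Expression> args = m.getArguments();
                if (args.size() != 1 || !(args.get(0) instanceof J.Literal)) {
                    // Algorithm comes from a variable or config: flag it in review, do not rewrite.
                    return m;
                }
                J.Literal algo = (J.Literal) args.get(0);
                Object value = algo.getValue();
                if (!(value instanceof String) || !WEAK.contains(((String) value).toUpperCase())) {
                    return m;
                }
                // Replace both the semantic value and the printed source so the output compiles.
                J.Literal replaced = algo
                        .withValue(REPLACEMENT)
                        .withValueSource("\"" + REPLACEMENT + "\"");
                List<Expression> newArgs = List.of(replaced);
                return m.withArguments(newArgs);
            }
        };
    }
}
```

Two caveats a practitioner would want before running this at scale. First, the recipe only rewrites string literals; when the algorithm name flows in from configuration it leaves the call alone, because an automatic rewrite there would be a guess. Second, SHA-256 is not a drop-in replacement everywhere: the digest length changes, so any code that persists, compares or interoperates on MD5/SHA-1 digests needs a migration plan, which is exactly the kind of design flaw the talk says automation cannot fix for you. OpenRewrite's `RewriteTest` harness lets you pin the before/after source for this recipe as a unit test so the policy stays enforced in CI.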

The Evolution of RAG Context

Retrieval Augmented Generation (RAG) systems have emerged to put guardrails around the spirited non-determinism of unfettered Large Language Models. While useful, they are clearly not enough, even in the more advanced configurations with query rewriting, domain/chunk-size alignment, and re-ranking.

At the leading edge of the current AI wave is a new form of token generation built on concepts and actions that will take things even further.

We will cover:

  • A brief overview of RAG systems and the issues that remain
  • The SONAR embedding model and how it forms the basis of Large Concept Models (LCMs)
  • The various Action-based embedding models for physically and digitally-embodied agentic systems
  • Use cases that emerge from these advanced, multi-lingual, multi-modal developments in the ever-changing world of generative AI

Resource-Oriented Architecture Patterns

The typical technologist has a fairly straightforward perspective about the use of resources in modern software systems. They understand the concept of stable identifiers and what some of the HTTP verbs are intended for based upon experiences with the Web.

There is a rich ecosystem of use cases that build upon these basic ideas, however, and in this talk I will demonstrate several of my favorite examples. Drawing upon my pattern-oriented book, I will highlight patterns that surface information, transform it, direct traffic, and more. These patterns will be presented with intent, consequences, and the usual context we expect in pattern-oriented literature to help us communicate sophisticated design decisions.

Come develop a more sophisticated palette of resource-oriented patterns to help you solve a variety of issues in distributed information systems development.

Web Security for APIs

There's a clear need for security in the software systems that we build. The problem for most organizations is that they don't want to spend any money on it. Even if they did, they often have no idea how much to spend. No particular initiative is likely to imbue your system with “security”, but a strong, deep defensive approach is likely to give you a fighting chance of getting it right.

Web security as applied to APIs in particular is an important part of the plan. In this workshop, we'll show you approaches to defining “enough” as well as concrete techniques to employ incrementally in your designs.

We will pick a hands-on framework for implementation, but the ideas are generally standards-based and transcend technology choice, so you should leave with a strategy for mapping them into your own systems.

We will cover a broad range of topics including:

  • The concepts behind Building Security in
  • Designing for Security
  • Authentication and Authorization Strategies
  • Identity Management
  • Protecting Data in transit
  • Protecting Data at rest
  • Frameworks for selecting security features
  • Attack and Threat Models for APIs
