#IstioCon Debugging Istio Within the Department of Defense Nick Nellis / Adam Toy #IstioCon Istio Going Mainstream Consumer Expectations ● Reliability ● Maintainability ● Usability #IstioCon

Approved for Public Release; Distribution Unlimited. 14-0391ii Executive Summary The Department of Defense (DoD) needs an acquisition framework for information technology (IT) that can keep pace with rapidly culture that will take time to employ. This guide is intended to show how the DoD could tailor the Defense Acquisition Framework to benefit from Agile development best practices. To succeed with an Agile - Secretary Panetta, Defense Security Review, 5 Jan 12iii Foreword Department of Defense (DoD) program managers and executives have struggled for years to tailor the Defense Acquisition Framework

"frame": 10, 60 "stats": { 61 "attack": 15, 62 "defense": 5, 63 "health": 100 64 } 65 } 66 }, 67 "frame": 10, 74 "stats": { 75 "attack": 20, 76 "defense": 2, 77 "health": 100 78 } 79 } 80 }, 81 "enemy_units", 87 "stats": { 88 "attack": 10, 89 "defense": 1, 90 "health": 30 91 } 92 } 93 }, 94

CSRF defense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 12.3.1. How is done the CSRF defense in Apache enough. So if someone wants to use the internal SSO feature s/he also needs to use the CSRF token defense. If s/he wants to be safe from CSRF attacks. Unfortunately, due backporting difficulties, this option than your user. Even if the missing persmission is a minor one. 42 12.3. CSRF defense 12.3.1. How is done the CSRF defense in Apache OFBiz and how to adapt it if needed The Apache OFBiz Project Release

CSRF defense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 12.3.1. How is done the CSRF defense in Apache enough. So if someone wants to use the internal SSO feature s/he also needs to use the CSRF token defense. If s/he wants to be safe from CSRF attacks. Unfortunately, due backporting difficulties, this option 11594 Last but not least Be sure to read Keeping OFBiz secure 12.3. CSRF defense 12.3.1. How is done the CSRF defense in Apache OFBiz and how to adapt it if needed The Apache OFBiz Project Release

CSRF defense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 12.3.1. How is done the CSRF defense in Apache enough. So if someone wants to use the internal SSO feature s/he also needs to use the CSRF token defense. If s/he wants to be safe from CSRF attacks. Unfortunately, due backporting difficulties, this option 11594 Last but not least Be sure to read Keeping OFBiz secure 12.3. CSRF defense 12.3.1. How is done the CSRF defense in Apache OFBiz and how to adapt it if needed The Apache OFBiz Project Release

CSRF defense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 12.3.1. How is done the CSRF defense in Apache enough. So if someone wants to use the internal SSO feature s/he also needs to use the CSRF token defense. If s/he wants to be safe from CSRF attacks. Unfortunately, due backporting difficulties, this option 11594 Last but not least Be sure to read Keeping OFBiz secure 12.3. CSRF defense 12.3.1. How is done the CSRF defense in Apache OFBiz and how to adapt it if needed The Apache OFBiz Project Release

engaged in creating value. If you missed last month, you can find the handout for Part 2 on the Agile4Defense GitHub page at: https://git.io/JeaO2 Risk The presence of uncertainty is the simple reason why Follow Us Follow our Agile for Defense group on Meetup, Facebook, and GitHub where we post events and many of our table topics.  https://www.meetup.com/Agile-for-Defense/  https://www.facebook. com/groups/AgileForDefense/  https://github.com/Agile4Defense/AgileForDefense You can download this table handout directly at: https://git.io/Jejqb Share Your Feedback As we've come to learn

Tim Berners-Lee invented the World Wide Web in 1989, per CERN. Source: Google, USA Department of Defense, CERN Internet – Public Release 1993* Knowledge Distribution Evolution = Over ~Six Centuries25 dominant global supplier of ‘rare earth elements’ – materials essential to advanced electronics, defense systems, and clean energy infrastructure – an imbalance that the USA is working hard to counter intelligence is not just embedded in digital applications, but also in vehicles, machines, and defense systems. Beyond the rise of digital agents, the world is increasingly experiencing the rise of physical