Jonathan Johnson

Abstract for 2019 Information Security Symposium

See how the Ilios Project at UCSF leverages our application tests, Github's Pull Requests, update bots, and automated container builds, to ensure that our small team can keep our application dependencies and OS packages constantly up to date.

Ilios has seamlessly upgraded through several major versions of two web frameworks, Linux distros, and innumerable security and feature updates to thousands of dependencies and libraries since v3 was launched in 2015. By focusing on writing great tests and leveraging automation and bots, we're able to keep each update small and easily applied. This takes the drama out of staying up to date, and allows us to update several times a week without slowing down.

Testing for security goes hand in hand with testing for user experience, and combining the two yields amazing benefits.