Home > Speakers >

Mark Hermeling

Mark Hermeling, MSc Mark has 25 years of experience in software development tooling, operating systems, virtualization and networking technology in safe and secure, embedded and real-time systems. He has worked on projects building automotive, networking, aerospace and defense and industrial devices in North America, Europe and Asia. As VP of Global Solutions Engineering at CodeSecure (formerly GrammaTech), Mark manages a team that covers the last mile in assisting CodeSecure customers to improve their safety and security posture, ranging from topics around software develop lifecycle to third party vulnerability and risk management and software bill of materials. Prior to joining CodeSecure, Mark worked for Wind River Systems (an Intel Corporation subsidiary), Zeligsoft and IBM Rational. He holds a Master of Science degree in Computing Science from Eindhoven University of Technology.

Optimizing the Developer DevSecOps Experience for Embedded Systems

Status: Coming up in April 2025!

Providing software developers with flexible, fast workflows in which they receive the information they need at the time they need it is crucial, especially in embedded systems.

Embedded systems have strict security, safety, and quality standards to adhere to. Building guidance for these standards into the workflow makes developers more efficient, allows them to learn as they go, and ultimately reduces risk while helping the team meet deadlines.

These workflows include static and dynamic testing, testing on hardware, server-based and local build options, as well as hardware-based debug workflows.

GitLab has extensive support to automate all these actions, which is what we’ll demonstrate during this presentation.

  • Drive all actions through an IDE (VS Code)
  • Use Merge Requests to track all actions
  • Use AI to automate common programming tasks
  • Use Security Policies to drive security fixes before merges
  • Find deep security findings and remediate them easily using CodeSonar
  • Automate testing on hardware in a remote hardware lab

This in-workflow pipeline automation saves engineers many hours per month, allowing them to spend more time building secure and safe software.

All artifacts used during this presentation are publicly available, and links will be provided.

Go to Session

How to ShiftLeft in Embedded

Status: Available Now

I'll give a lightning introduction on how to make ShiftLeft work in embedded:

  • containerize -everything-
  • automate -everything-
  • provide scalable compute
  • break your software up into components
  • invest in unit test
  • emulate hardware as much as possible
  • Statically analyze everything, constantly
  • Optimize developer workflows

Go to Session

Nobody Likes Static Analysis

Status: Available Now

Nobody likes doing static analysis, but we all know that it helps improve software quality early in the development cycle. In my day-to-day job I see many people struggle with this challenge, especially in deeply embedded projects. In reality though, integrating static analysis is not complicated, the technology exists to turn static analysis into the superpower that enables your development teams to deliver better quality code faster:

  • Integrate static analysis into the workflow, such that it happens automatically
  • Make it easy for developers to understand the results and make corrections
  • Automate acceptance gates
  • Scale compute

This section will be a generic overview of the technology that you can use immediately:
- Integrate static analysis into GitLab, GitHub, Gerrit, BitBucket, Jenkins, ...
- Containers to standardize build environments for native and cross compilation
- Use Kubernetes to scale compute, either in your own data-centre, AWS, GCP, Azure or others
- IDEs to bring the results to developers desktops.

Go to Session