Proposal finalised

Change-Id: I87772c5d2d6e70e6d434503e85a73aab65c929b6
diff --git a/schedule.md b/schedule.md
index d4e005a..d8b40f0 100644
--- a/schedule.md
+++ b/schedule.md
@@ -32,8 +32,8 @@
 | 10:45 | Break & Networking                                                                           |
 | 11:30 | [BLIMP Tracer: Integrating Build Impact Analysis with Code Review](sessions/blimp-tracer.md) |
 | 12:15 | Lunch & Networking                                                                           |
-| 14:00 | [Submit rules without prolog](sessions/simple-submit.md)                                                      |
-| 14:45 | [Automated Security Analysis with Gerrit Robot Comments] - *PLACEHOLDER*                     |
+| 14:00 | [Submit rules without prolog](sessions/simple-submit.md)                                     |
+| 14:45 | [Automated Security Analysis with Gerrit Robot Comments](sessions/automated-security-analysis-with-gerrit.md)|
 | 15:30 | Break & Networking                                                                           |
 | 16:00 | [Lessons learned from Gerrit 2.7 to 2.14 migration](sessions/migration-2.7-to-2.14.md)       |
 | 16:45 | Closing note                                                                                 |
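Review bot: The added 14:45 row overruns the table's column width and ends with `...with-gerrit.md)|`, with no space before the closing pipe, so the table source is misaligned again in the same hunk that re-pads the 14:00 row. Either widen the padding on every row to fit the longest link, or at least add a space before the final `|`. The rendered table is unaffected, so this is a source-readability point only.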
diff --git a/sessions/automated-security-analysis-with-gerrit.md b/sessions/automated-security-analysis-with-gerrit.md
new file mode 100644
index 0000000..284f51b
--- /dev/null
+++ b/sessions/automated-security-analysis-with-gerrit.md
@@ -0,0 +1,19 @@
+# Automated Security Analysis with Gerrit Robot Comments
+
+Gerrit Code Review is often used for enforcing security and compliance with
+opensource components, thanks to its ability to require special review workflows
+when the project's dependencies are modified.
+
+That process is typically managed by special "reviewers" that manually check
+and approve or reject changes using special "Library Compliance" labels.
+What if we had a system that automatically checks for those issues, removing
+the requirement of this tedious and error-prone task, while allowing developers
+to focus on more important tasks?
+
+This talk is about showing an approach where you can see how this can be
+automated out of the box using Jenkins / GerritHub DevOps pipeline, with
+the aid of the Meterian engine. We will also  leverage Gerrit's Robot Comments
+to streamline the whole process of detecting, notifying and fixing common
+security and compliance issues.
+
+*[Bruno Bossola, CTO / meterian.io](../speakers.md#bbossola)*
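Review bot: In the first paragraph of the new abstract, `opensource` should read `open source`, and the last paragraph has a double space in `We will also  leverage`. The sentence beginning `This talk is about showing an approach where you can see how this can be automated` could be tightened to `This talk shows how this can be automated`, and `using Jenkins / GerritHub DevOps pipeline` needs an article (`using a Jenkins / GerritHub DevOps pipeline`). The speaker link `../speakers.md#bbossola` does match the `{#bbossola}` anchor added to speakers.md in this change, so no fix is needed there.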
diff --git a/speakers.md b/speakers.md
index 4bc8ec2..743d104 100644
--- a/speakers.md
+++ b/speakers.md
@@ -74,3 +74,12 @@
 Shane is an assistant professor and leader of the Software REBELs — a research
 group that develops tool and decision support for modern development and release
 teams.
+
+### Bruno Bossola - Meterian {#bbossola}
+
+[LinkedIn](https://www.linkedin.com/in/bbossola)
+
+Bruno starts coding in machine language on a small Commodore computer, and he's
+been coding professionally for thirty years with various languages. Bruno is the
+co-founder of [Meterian](https://www.meterian.io), a cyber-sec company
+that focuses on the security of software components.
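Review bot: The first sentence of the added bio mixes tenses: `Bruno starts coding in machine language` is in the present while the rest of the sentence (`he's been coding professionally for thirty years`) looks back, so `started` reads better. Consider also spelling out `cyber-sec company` as `cybersecurity company`, since this is a public-facing speaker page.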