DevOps Pro Moscow 2021

Adam Such

Position: Principal Solutions Architect

Company: Sonatype

Country: UK

Biography

Evan Smith is a Site Reliability Engineer with the remote German company Solvemate and is responsible for managing the infrastructure, CI/CD, incident response and monitoring, as well as promoting a culture of kindness and learning.

Talk

The Data Behind DevSecOps: The Power of Hindsight to Protect your Supply Chain

A series of high-profile and devastating cyber attacks has demonstrated that adversaries have the intent and ability to exploit security vulnerabilities in the software supply chain. Never was that more apparent than in the massive breaches at Equifax, SolarWinds and Codecov. Attacks are no longer focussed only on code running in production; they directly target the developer and their tools.

The time required for hackers to exploit a newly disclosed open source vulnerability has shrunk by 93.5% in the last decade. This harsh reality establishes a new normal for software supply chain management and demands that organizations are prepared to do three things within 48 hours of a new public disclosure:
1. Assess which, if any, of their applications are exploitable
2. Establish a comprehensive plan to remediate potential exposure
3. Implement necessary fixes

Keywords

DevSecOps
Open Source
