DevSecOps by Default: What have, can and must we learn from Log4Shell?

It’s been a couple of months since Log4Shell ruined many Christmas holidays for developers, architects, ITOps and especially Dev(Sec)Ops teams. How did this incident help us strengthen our software supply chain? How have DevSecOps adopted their delivery and operations orchestration to prevent using vulnerable code or react faster once a new breach is detected?

In this session we cover stories from DevSecOps teams that were on the frontlines when Log4Shell hit. We look into application security approaches and tools to detect vulnerabilities during delivery as well as in production and see how open source projects such as Falco, Keptn and others help DevSecOps teams to enforce a “Secure by Default” policy!

Speaker

andreas-grabner

Andreas Grabner

 
Andreas Grabner (@grabnerandi) has 20+ years of experience as a software developer, tester and architect and is an advocate for high-performing cloud scale applications. He is a contributor and DevRel ...