DevSecOps by Default: What Have, Can and Must We Learn from Log4Shell?
End of 2021 Log4Shell ruined many Christmas holidays for developers, architects, ITOps and especially Dev(Sec)Ops teams. How did this incident help us strengthen our software supply chain? How have DevSecOps adopted their delivery and operations orchestration to prevent using vulnerable code or react faster once a new breach is detected?
In this session we cover stories from DevSecOps teams that were on the frontlines when Log4Shell hit. We look into application security approaches and tools to detect vulnerabilities during testing, delivery as well as in production and see how open source projects such as Falco, Keptn and others help DevSecOps teams to enforce a “Secure by Default” policy!
Key Learnings include: what was Log4Shell in detail and how did it change the IT World, what vulnerabilities can we detect as part of the software supply chain, and how do open source tools such as Falco, Keptn and others make lives of DevSecOps easier?