DevSecOps by Default: What Have, Can and Must We Learn from Log4Shell?
End of 2021 Log4Shell ruined many Christmas holidays for developers, architects, ITOps and especially Dev(Sec)Ops teams. How did this incident help us strengthen our software supply chain? How have DevSecOps adopted their delivery and operations orchestration to prevent using vulnerable code or react faster once a new breach is detected?
In this session we cover stories from DevSecOps teams that were on the frontlines when Log4Shell hit. We look into application security approaches and tools to detect vulnerabilities during testing, delivery as well as in production and see how open source projects such as Falco, Keptn and others help DevSecOps teams to enforce a “Secure by Default” policy!
Key Learnings include: what was Log4Shell in detail and how did it change the IT World, what vulnerabilities can we detect as part of the software supply chain, and how do open source tools such as Falco, Keptn and others make lives of DevSecOps easier?
Andreas Grabner has 20+ years of experience as a software developer, tester and architect and is an advocate for high-performing cloud scale applications. He started his career as a tester for a performance testing tool. He since moved on to monitoring, observability and site reliability. Over the past years Andi has been promoting to shift-left all these concepts into a DevOps culture. He is a regular contributor to the DevOps community, a frequent speaker at technology conferences and regularly publishes articles on blog.dynatrace.com. In his spare time he is hitting the salsa dancefloors of the world.