
Adapting DevOps in a World of Growing Software Supply Chain Attacks

Adam Such | GOTO Copenhagen 2021


**As we embrace movements like CI/CD and DevOps to cut down on release cycles and innovate faster, we as developers must also embrace the reality that the risk landscape is too complex to leave “security” to just those with security in their title.**

Instinctively, we understand how critical this is, especially in a time of growing high-profile attacks on software supply chains across the world, most recently Dependency Confusion and the Cloudflare and SolarWinds breaches. Embracing security as a development team has never been more important.

Done properly, DevSecOps practices shouldn’t interrupt the DevOps pipeline but instead aid it, preventing costly rebuilds and build failures down the road. By creating automated governance that is embedded early and throughout the software development lifecycle, developers have transparent access to digital guardrails integrated within our native tools — an approach that ensures security is being built in without slowing us down.

**In this talk, you'll learn about:**

  • Real-world examples of how large and small companies are implementing DevSecOps practices in their own delivery pipelines and increasing developer awareness of risks.
  • Key insights into the Dependency Confusion and Cloudflare breaches: what steps can developers take to prevent similar future attacks?
  • A walkthrough of how security principles have been embedded in a Continuous Integration pipeline, and what standards for implementation are beginning to follow suit.


About the speakers

Adam Such

Principal Solutions Architect for the Nordics region at Sonatype