
Stalled at the intersection of dev ops and security v2

313 views


The majority of enterprises are very concerned about the security of the software they are developing, but how can they secure their software without slowing down their velocity, or, put another way, how can they move past being stalled at the intersection of DevOps and Security? With this in mind, we explore the qualities of a security scanning tool that is "plug-and-play" with a modern DevOps shop.

Published in: Software


  1. STALLED AT THE INTERSECTION OF DEVOPS AND SECURITY. Matthew Barker, Technical Director, Sonatype
  2. WHAT WE HAVE!
  3. WHAT WE REALLY NEED!
  4. WHY ARE WE STALLED: SOFTWARE DEVELOPMENT MOVES FASTER THAN SECURITY. Explosive use of components; Agile and DevOps; enterprise scale; use of complex frameworks
  5. WE TAKE SECURITY SERIOUSLY!
  6. WHY ARE WE STALLED: ARE WE SERIOUS ABOUT SECURITY? Card Skimmers (9%); Insider Misuse (8%); Crimeware (4%); DoS Attacks (1%). See the problem?
  7. ARE WE SECURING OUR SOFTWARE SUPPLY CHAIN?
  8. COST OF ASSESSING VULNERABILITIES LATE IN THE SLC
  9. SOME RECENT APPLICATION ATTACKS
  10. HOW DO WE MOVE TO THE DEVOPS-SECURITY ACCELERATED INTERSECTION? WHAT IS NEEDED: fast and continuous; accurate; integrates into modern DevOps tools; scalable; policy driven; manages the supply chain; prioritizes vulnerabilities
  11. A CONTINUOUS APPROACH (component selection from public repositories, development, build and deploy, production): precisely identify components and risks; remediate early in development; automate policy across the SLC; manage risk across the entire portfolio; continuously monitor for new risks
  12. A MODERN SECURITY SCANNING ARCHITECTURE: modern component data service; command line scanner with return value; real time policy check; email alerts; includes production monitoring; fast, up to date, and accurate; API; policy server with stored analysis
  13. QUESTIONS? Matthew Barker, mbarker@sonatype.com, 505-239-4008
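Slides 10 through 12 describe the shape of the tool but not how the pieces fit together in a build. The following is an added example, not code from the deck or from Sonatype, of the smallest version of that architecture: a command line scanner that looks each declared component up in a component data service, applies a policy, reports findings highest severity first, and returns an exit code a CI job can gate on. The component data, the issue identifiers (`DEMO-...`), the policy thresholds and the exit-code convention are all constructed for the demo and are not real advisories or a real service's API.

```python
"""Minimal policy-driven component scanner (added example, constructed data)."""
import json
import sys
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed stand-in for the "component data service" on slide 12.
# Keys are (component name, version); values are known issues with a CVSS-style
# score. The identifiers are placeholders invented for this demo.
COMPONENT_DATA: Dict[Tuple[str, str], List[dict]] = {
    ("example-web-framework", "2.1.0"): [
        {"id": "DEMO-0001", "severity": 9.8, "fixed_in": "2.1.3"},
        {"id": "DEMO-0002", "severity": 4.3, "fixed_in": "2.1.1"},
    ],
    ("example-xml-parser", "1.4.2"): [
        {"id": "DEMO-0003", "severity": 5.3, "fixed_in": "1.5.0"},
    ],
    ("example-logging", "3.0.1"): [],
}

# Assumed policy: a score at or above fail_at blocks the build, at or above
# warn_at is reported but does not block.
POLICY = {"fail_at": 7.0, "warn_at": 4.0}

# Assumed exit-code convention; this is the scanner's "return value" for CI.
EXIT_PASS, EXIT_WARN, EXIT_FAIL = 0, 1, 2


@dataclass
class Finding:
    component: str
    version: str
    issue_id: str
    severity: float
    fixed_in: str
    action: str  # "fail", "warn" or "info"


def classify(severity: float, policy: dict = POLICY) -> str:
    """Map a severity score onto the policy outcome."""
    if severity >= policy["fail_at"]:
        return "fail"
    if severity >= policy["warn_at"]:
        return "warn"
    return "info"


def scan(manifest: List[dict], data=COMPONENT_DATA, policy=POLICY) -> List[Finding]:
    """Look every declared component up in the data service and apply the policy.
    Findings are returned highest severity first: that ordering is the
    prioritization the deck asks for, so the fix that matters most is on top."""
    findings = []
    for comp in manifest:
        key = (comp["name"], comp["version"])
        for issue in data.get(key, []):
            findings.append(Finding(comp["name"], comp["version"], issue["id"],
                                    issue["severity"], issue["fixed_in"],
                                    classify(issue["severity"], policy)))
    return sorted(findings, key=lambda f: f.severity, reverse=True)


def exit_code(findings: List[Finding]) -> int:
    """The worst policy outcome across all findings decides the process exit code."""
    actions = {f.action for f in findings}
    if "fail" in actions:
        return EXIT_FAIL
    if "warn" in actions:
        return EXIT_WARN
    return EXIT_PASS


def main(argv: List[str]) -> int:
    # The manifest is a JSON list of {"name", "version"} read from the path given
    # on the command line; with no argument a constructed sample is used so the
    # script runs offline.
    if len(argv) > 1:
        with open(argv[1]) as fh:
            manifest = json.load(fh)
    else:
        manifest = [
            {"name": "example-web-framework", "version": "2.1.0"},
            {"name": "example-xml-parser", "version": "1.4.2"},
            {"name": "example-logging", "version": "3.0.1"},
        ]
    findings = scan(manifest)
    for f in findings:
        print(f"{f.action.upper():5} {f.severity:4.1f} {f.component}@{f.version} "
              f"{f.issue_id} (fixed in {f.fixed_in})")
    return exit_code(findings)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as `python scanner.py [manifest.json]`; the sample manifest yields one blocking finding and two warnings, so the exit code is 2 and a pipeline step such as `python scanner.py || exit 1` fails the build. Keeping the policy as data rather than code is what lets the same scanner run unchanged at component selection, in the build and against production inventories, which is the continuous approach slide 11 describes.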
