Automate or Die - DevSecOps in the Age of Software Supply Chain Attacks presented at OWASPBASC 2019

by Artie Jurgenson

Summary: As nimble organizations deliver new innovations, adversaries are also upping their game, something we’ve seen in recent high-profile and devastating cyber attacks. Bad actors have the intent and ability to exploit security vulnerabilities in the software supply chain - and in some cases plant vulnerabilities themselves. They have increased scale through automation and improved breach success through precision targeting. If we don’t fight back by doing the same - automating security directly in the DevOps pipeline - then we’ll always be at the hackers’ mercy. This session will provide new research on the above, and details on how to get started.

Key takeaways:
- Real-world examples of how large and small companies are implementing DevSecOps practices in their own delivery pipelines, and increasing developer awareness of risks
- Key insights from the 2019 DevSecOps community report, including the top investments for automated security
- A walkthrough of how security principles have been automated into a CI/CD pipeline and what standards for implementation are beginning to follow suit
- Why DevSecOps is more than a buzzword, and why it’s vital to protecting your software supply chain
- How automating security policies makes them harder to ignore