Stalled at the intersection of dev ops and security v2
Matthew Barker, Technical Director, Sonatype
STALLED AT THE INTERSECTION OF DEVOPS AND SECURITY
WHAT WE HAVE!
WHAT WE REALLY NEED!
SOFTWARE DEVELOPMENT MOVES FASTER THAN SECURITY
WHY ARE WE STALLED
• Explosive Use of Components
• Agile and DevOps
• Enterprise Scale
• Use of Complex Frameworks
WE TAKE SECURITY SERIOUSLY!
WHY ARE WE STALLED
ARE WE SERIOUS ABOUT SECURITY?
• Card Skimmers (9%)
• Insider Misuse (8%)
• Crimeware (4%)
• DoS Attacks (1%)
See the problem?
ARE WE SECURING OUR SOFTWARE SUPPLY CHAIN?
COST OF ASSESSING VULNERABILITIES LATE IN SLC
SOME RECENT APPLICATION ATTACKS
HOW DO WE MOVE TO THE DEVOPS-SECURITY ACCELERATED INTERSECTION?
WHAT IS NEEDED
• Fast and Continuous
• Accurate
• Integrates Into Modern DevOps Tools
• Scalable
• Policy Driven
• Manages Supply Chain
• Prioritizes Vulnerabilities
A CONTINUOUS APPROACH
Lifecycle stages: Component Selection (from Public Repositories), Development, Build and Deploy, Production
• Precisely Identify Components & Risks
• Remediate Early in Development
• Automate Policy Across the SLC
• Manage Risk Across Entire Portfolio
• Continuously Monitor for New Risks
A Modern Security Scanning Architecture
• Modern Component Data Service
• Fast, Up to Date, and Accurate
• Policy Server with Stored Analysis
• API
• Command Line Scanner with Return Value
• Real-Time Policy Check
• IDE Integration
• CI Integration
• Ticket Tracking
• Email Alerts
• Includes Production Monitoring
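The slide names a command line scanner whose return value drives a real-time policy check inside CI. The following is an added example of that gate, written for this transcript; it is not code from the presentation or from any Sonatype product. The component inventory, the vulnerability identifiers (EXAMPLE-0001, EXAMPLE-0002), the CVSS thresholds, the stage names (develop, build, release) and the exit-code convention are all assumptions chosen for illustration. It shows the three properties the deck asks for in one place: the policy is stored once and applied across the lifecycle with stage-dependent enforcement, findings come back prioritized by score, and the process exit code is what lets a CI job break the build.

```python
#!/usr/bin/env python3
"""Policy gate for a CI step: reads a component inventory, applies a stored
policy for the current lifecycle stage, prints findings by priority and
exits non-zero when the build must stop. Added example, not Sonatype code.

Usage (after saving as policy_gate.py): python3 policy_gate.py build
"""
import sys

# Constructed inventory for this example. Component names and vulnerability
# identifiers are made up; they are not real packages or real CVEs.
INVENTORY = [
    {"name": "example-web-framework", "version": "2.1.0",
     "vulns": [{"id": "EXAMPLE-0001", "cvss": 9.8}]},
    {"name": "example-json-parser", "version": "1.4.2",
     "vulns": [{"id": "EXAMPLE-0002", "cvss": 5.3}]},
    {"name": "example-logging", "version": "3.0.1", "vulns": []},
]

# Assumed policy: one set of CVSS thresholds whose enforcement action
# depends on the lifecycle stage, so the same policy runs from IDE to
# release without being copied ("automate policy across the SLC").
STAGES = ("develop", "build", "release")
POLICY = {
    "thresholds": [  # ordered highest first; the first match wins
        {"level": "critical", "min_cvss": 9.0,
         "action": {"develop": "warn", "build": "fail", "release": "fail"}},
        {"level": "severe", "min_cvss": 7.0,
         "action": {"develop": "warn", "build": "warn", "release": "fail"}},
        {"level": "moderate", "min_cvss": 4.0,
         "action": {"develop": "info", "build": "info", "release": "warn"}},
    ],
}

# Assumed exit-code convention for the CI step: 0 clean, 1 policy failure
# (break the build), 2 warnings only (build continues, findings reported).
EXIT_PASS, EXIT_FAIL, EXIT_WARN = 0, 1, 2


def classify(cvss, policy):
    """Return the first threshold rule the score meets, or None if it is
    below every threshold and therefore outside the policy's concern."""
    for rule in policy["thresholds"]:
        if cvss >= rule["min_cvss"]:
            return rule
    return None


def evaluate(inventory, policy, stage):
    """Apply the policy for one stage. Returns (findings, exit_code) with
    findings sorted by CVSS descending so remediation starts at the top."""
    if stage not in STAGES:
        raise ValueError(f"unknown stage {stage!r}; expected one of {STAGES}")
    findings = []
    for comp in inventory:
        for vuln in comp["vulns"]:
            rule = classify(vuln["cvss"], policy)
            if rule is None:
                continue
            findings.append({
                "component": f"{comp['name']}@{comp['version']}",
                "vuln": vuln["id"],
                "cvss": vuln["cvss"],
                "level": rule["level"],
                "action": rule["action"][stage],
            })
    findings.sort(key=lambda f: f["cvss"], reverse=True)
    actions = {f["action"] for f in findings}
    if "fail" in actions:
        return findings, EXIT_FAIL
    if "warn" in actions:
        return findings, EXIT_WARN
    return findings, EXIT_PASS


def main(argv):
    stage = argv[1] if len(argv) > 1 else "build"
    findings, code = evaluate(INVENTORY, POLICY, stage)
    for f in findings:
        print(f"{f['action'].upper():<5} {f['level']:<8} CVSS {f['cvss']:<4} "
              f"{f['component']} {f['vuln']}")
    print(f"stage={stage} exit={code}")
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with `develop` and the critical finding is only a warning, which is what an IDE integration would surface to the developer; run with `build` and the same finding exits 1, so a CI job that runs the scanner as a step stops before deploy. The policy lives in one place, and the scanner only carries the stage it is running in.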