Adapting DevOps in a World of Growing Software Supply Chain Attacks • Adam Such • GOTO 2021

This presentation was recorded at GOTO Copenhagen 2021. #GOTOcon #GOTOcph
http://gotocph.com

Adam Such - Principal Solutions Architect for the Nordics region at Sonatype

ABSTRACT
Instinctively, we understand how critical this is, especially in a time of growing high profile attacks on software supply chains across the world - most recently Dependency Confusion, the Cloudflare and SolarWinds breach - embracing security as a development team has never been more important.
Done properly, DevSecOps practices shouldn’t interrupt the DevOps pipeline - but instead aid it - preventing costly rebuilds and build failures, down the road. By creating automated governance that is embedded early and throughout the software development lifecycle, developers have transparent access to digital guardrails integrated within our native tools — an approach that ensures security is being built in without slowing [...]

TIMECODES
00:00 Intro
02:12 What you will learn
03:00 Why is there a new wave of cybersecurity attacks?
06:34 Where do vulnerabilities enter your supply chain?
12:37 Typosquatting
15:46 Namespace confusion
18:06 Malicious code injections
20:40 How to prevent future attacks?
22:30 8 Rules
31:20 Outro

Read the full abstract here:
https://gotocph.com/2021/sessions/1959/adapting-devops-in-a-world-of-growing-software-supply-chain-attacks

RECOMMENDED BOOKS
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • https://amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • https://amzn.to/2T6OIj3
Forsgren, Humble & Kim • Accelerate: The Science of Lean Software and DevOps • https://amzn.to/3tCz1xO
John Arundel & Justin Domingus • Cloud Native DevOps with Kubernetes • https://amzn.to/3hKZvI5
Wynne, Hellesoy & Tooke • The Cucumber Book • https://amzn.to/3tEUINJ
Robert C. Myers • Essential Test-Driven Development • https://amzn.to/2Xc8ZWa
Roy Osherove • The Art of Unit Testing • https://bit.ly/3obiKNB
Eric Ries • The Lean Startup • https://amzn.to/396fOva
Ronnie Mitra & Irakli Nadareishvili • Microservices: Up and Running• https://amzn.to/3c4HmmL

https://twitter.com/GOTOcon
https://www.linkedin.com/company/goto-
https://www.facebook.com/GOTOConferences
#DevOps #FutureOfDevOps #Maven #npm #GoLang #NuGet #RubyGems #PyPl #CyberSecurity #Security #DevSecOps #Typosquatting #NamespaceConfusion #CodeInjectinos #MTTU

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech

SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
https://www.youtube.com/user/GotoConferences/?sub_confirmation=1