Operations | Monitoring | ITSM | DevOps | Cloud

Tune in to learn about how to consume open source securely using an OpenSSF framework donated by Microsoft.

A Node.js module with nearly two million downloads a week was compromised after the library was injected with malicious code programmed to steal bitcoins in wallet apps. Join us as we delve into a real-world zero-day supply chain attack. Understand the response that followed, and how attacks like this can be mitigated. Learn from David Gonzalez, Principal Engineer at Cloudsmith and Member of the Node.js security working group, as he walks us through the incident.

The rise and popularity of containers and Kubernetes have revolutionised the IT industry but also introduced a lot of complexity including a huge number of vulnerabilities coming from different container image layers. To master those vulnerabilities both DevOps and Security teams are struggling to prioritise and address them, often without sufficient clarity or accountable insights.

Software Bill of Materials (SBOM) are new and exciting, but what do they actually do and do you REALLY need one? If you read any security news lately, it seems like everyone is talking about how an SBOM can solve whatever problem they have, and they are years into their SBOM journey. But many of us don’t even know what they are.

“Overcoming Complexity and Cost” will delve into the challenges faced by software developers in managing complexity and reducing costs during the software development lifecycle. We will bring together industry experts to explore strategies, best practices, and emerging technologies that can empower developers to tackle these complex problems. Featuring: Mel Kaulfuss, Staff Developer Advocate, Buildkite Shanea Leven, Founder & CEO, CodeSee Tamara Miner, Principal Strategy Consultant, Pragma Moderated by Dan McKinney, Technical Account Manager, Cloudsmith.

While "secure software supply chain" can feel like a buzzword, the past 18 months have shown companies, open-source communities, and vendors making significant progress toward making it a reality. In this panel discussion, real-world practitioners will share their insights and experiences in securing the software supply chain. The panelists will cover a range of topics, from best practices in vulnerability management, risk assessment of open-source dependencies, and generating authenticated provenance, to the challenges of integrating security into the DevOps workflow. They will provide actionable strategies for improving security while maintaining development speed, and share real-world examples of how their organizations have successfully secured their software supply chains.

Any organization that has taken on the daunting task of securing their software supply chain knows the challenges, pitfalls and caveats that come with implementing security best practices. SLSA 1.0, a community-backed framework that provides a comprehensive checklist of security controls and standards, is here! So what does it mean for you and your organization? This session gathers SLSA experts from across the industry to discuss the practical uses of the framework.

We’ve assembled a panel of experts from the mature DevOps teams of Puppet and Shopify to answer some of your biggest software security questions.

We continue our series on containerization in this session, diving a bit deeper to discuss the key areas to ensure container optimization and speed, such as: What are the security ramifications of containers? How have platforms enabled the rise of containers and microservices? What challenges have been introduced by containers and platforms? What are some of the enhancements to networking, and why this improves the speed of delivery

We’ve assembled a panel of experts from the mature DevOps teams of Puppet and Shopify to answer some of your biggest software security questions.