Find and fix vulnerabilities early: Stop fighting today’s cyberattacks with yesterday’s AppSec tools
The Log4j vulnerability was fixed and patched two years ago, but companies are still reeling from it today. Many do not understand the blast radius of a security threat in their codebase, much less what to do when they find one. Vulnerable Log4j versions continue to be downloaded unchecked from Maven Central and percolate into production, where the exposure continues to simmer unnoticed. This has prompted fresh software-supply-chain regulation calling for better tooling, but what does it mean for you? In this episode, we'll review:
- Ways to build resiliency into a software supply chain that your users can trust
- How to understand risk profiles and dependencies beyond software composition analysis (SCA)
- Automated storage, indexing and querying of security documentation for each pull request
- How to prioritize vulnerabilities and direct remediation in the integrated development environment (IDE) from a system of record
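The abstract's point that vulnerable Log4j builds still arrive from Maven Central unchecked, often as transitive dependencies nobody looked at, is the kind of thing a CI gate can catch before production. The following is an added example, not code from the page or from Red Hat's tooling: it reads the output of `mvn dependency:list` (which includes transitive dependencies), orders Maven version strings correctly (so that `2.0-beta9` sorts below `2.0`), and reports every `log4j-core` artifact below a chosen floor. The sample dependency listing and the `shop-api` module name are constructed for the example; the floor of `2.17.1` is an assumption standing in for your own policy (2.15.0 was the first Log4Shell fix, and later 2.17.x releases closed follow-on issues).

```python
"""Flag vulnerable log4j-core versions in `mvn dependency:list` output.

Added example, not part of the original page or of Red Hat Trusted Profile
Analyzer. Reads the listing on stdin (or a saved copy) and exits non-zero
when any log4j-core below FIXED_FLOOR is present, so it can gate a pipeline.
"""
import re
import sys
from typing import List, Tuple

# Assumed policy floor: 2.15.0 was the first Log4Shell fix, 2.17.1 is a
# conservative floor that also covers the follow-on fixes. Adjust to taste.
FIXED_FLOOR = "2.17.1"

# One dependency:list line, with or without Maven's "[INFO]" prefix, e.g.
#   [INFO]    org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
# The classifier segment (group:artifact:type:classifier:version:scope) is
# optional; anything after the scope (newer Maven appends "-- module ...")
# is ignored.
DEP_LINE = re.compile(
    r"^(?:\[INFO\]\s+)?(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):"
    r"(?P<type>[\w\-]+):(?:(?P<classifier>[\w\-]+):)?"
    r"(?P<version>[\w.\-]+):(?P<scope>\w+)"
)


def version_key(version: str) -> Tuple[Tuple[int, ...], int, str]:
    """Sort key for Maven versions: numeric components first, and a
    qualifier (beta, rc, ...) ranks below the same numeric release,
    so 2.0-beta9 < 2.0 < 2.0.1 < 2.17.1."""
    numeric, _, qualifier = version.partition("-")
    parts = tuple(int(p) for p in numeric.split(".") if p.isdigit())
    parts = parts + (0,) * (3 - len(parts))  # pad to major.minor.patch
    return (parts, 0 if qualifier else 1, qualifier)


def find_vulnerable_log4j(dependency_list: str,
                          floor: str = FIXED_FLOOR) -> List[Tuple[str, str, str]]:
    """Return (artifact, version, scope) for every log4j-core below `floor`.

    Only log4j-core from org.apache.logging.log4j is reported: log4j-api on
    its own is not the component that carried the Log4Shell lookup code.
    """
    found = []
    for line in dependency_list.splitlines():
        m = DEP_LINE.match(line.strip())
        if not m:
            continue
        if m["group"] != "org.apache.logging.log4j" or m["artifact"] != "log4j-core":
            continue
        if version_key(m["version"]) < version_key(floor):
            found.append((m["artifact"], m["version"], m["scope"]))
    return found


# Constructed sample of `mvn dependency:list` output for the example:
# one direct log4j-core, one old one pulled in transitively at runtime,
# and one fixed version used only in tests.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] --- dependency:list (default-cli) @ shop-api ---
[INFO]
[INFO] The following files have been resolved:
[INFO]    org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO]    com.example:legacy-reporting:jar:1.3.0:runtime
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.0-beta9:runtime
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.17.1:test
"""


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DEPENDENCY_LIST
    hits = find_vulnerable_log4j(text)
    for artifact, version, scope in hits:
        print(f"VULNERABLE: {artifact} {version} ({scope} scope) is below {FIXED_FLOOR}")
    sys.exit(1 if hits else 0)
```

Run it as `mvn -q dependency:list | python3 check_log4j.py` in the build; the non-zero exit fails the job. Because `dependency:list` resolves transitive dependencies, the old `2.0-beta9` dragged in by a legacy runtime library is caught even though no `pom.xml` in the repository names it, which is the blast-radius problem the abstract describes. Note that a fixed version in `test` scope says nothing about what ships; the example deliberately reports the compile- and runtime-scope hits and ignores the fixed test-only one only because it is above the floor, not because of its scope.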
Speakers
Michelle DiPalma | Principal Product Manager, Red Hat
Michelle DiPalma is a Principal Product Manager for Red Hat’s Trusted Profile Analyzer, part of Red Hat Trusted Software Supply Chain. She brings 15 years of experience designing, implementing and administering a wide range of Unix systems solutions for the financial industry. Having extensive experience working on and with security teams gives her a unique perspective on pain points that developers, platform engineers, architects, and security teams face regularly. Currently, she is focused on bringing insight and innovation to Red Hat products in the software supply chain space.
Rik Turner | Senior Principal Analyst, Informa PLC
Rik Turner is a senior principal analyst in Omdia's IT security and technology team, specializing in cybersecurity technology trends, IT security, compliance, and call recording. Rik has worked on Omdia's financial services technology team, with a specialization in capital markets technology. Prior to joining Omdia, he worked as an IT journalist, specializing in networking and security. He also worked as a foreign correspondent in Brazil, where he worked for the Financial Times and The Economist.