SlideShare uma empresa Scribd logo

How Components Increase Speed and Risk

CA Technologies
CA Technologies

How Components Increase Speed and Risk For more information on DevSecOps, please visit: http://ow.ly/St0r50g63GR

Tecnologia
1 de 33
Baixar para ler offline
How Open Source Components Increase Speed and Risk Tim Jarrett DST50T DEVSECOPS Director, Product Management Veracode
2 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS © 2017 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2017 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of This Presentation
3 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Agenda DEVELOPERS AND OPEN SOURCE COMPONENTS: FREE AS IN … THE JAVA COMPONENT ECOSYSTEM: SOFTWARE AGES LIKE… CASE STUDY: APACHE STRUTS, AKA “STRUTS-SHOCK” STRATEGIES FOR MANAGING OPEN SOURCE RISK 1 2 3 4
4 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Developers and Open Source Components
5 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Software development: from artisanal craft to industrial revolution 5 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
6 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Today’s Applications Are Assembled Proprietary Code Open Source Open Source Open Source Open Source Open Source Open Source Open Source Open Source Open Source Open Source Open Source Open Source Food for Thought How do you inventory open source libraries in your applications today?
‹#› #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Why open source? It’s about quality Faster time to market requires fewer defects and more functional code. Developers don’t have to write common functions themselves. 7 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
8 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS 1983 1988 1993 1998 2003 2008 2013 2018 Open Source Ecosystem Timeline GNU project Linux Google SourceForge Maven GitHub
9 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Java Open Source Ecosystem
10 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Java Component Ecosystem Maven – standard for invoking, storing, and sharing components 250 indexed repositories – Maven Central 2.2M indexed Java archives (JARs) 540K JARs published in 2016 JUnit used in 63,321 other projects SOURCE: Maven component repository, https://mvnrepository.com/, accessed 2017-10-06.
11 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Publicly Disclosed Vulnerabilities National Vulnerability Database 95K total vulnerabilities (CVEs) 11K new CVEs published this year to date 35K High severity CVEs, 2650 Critical SOURCE: National Vulnerability Database, https://nvd.nist.gov/, accessed 2017-10-06.
12 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Speed of Development vs. Risk Management “Third-party source code libraries increase development speed and risk. […] Heartbleed made dependency risk plain for all to see.” SOURCE: Tyler Shields and Jeffrey Hammond, Forrester Research, ”Vendor Landscape: Software Composition Analysis,” Forrester Research, October 1, 2015.
13 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Sizing the Problem 80% of developers are using open source in deployed apps. Source: Forrester 46 Java applications have an average of 46 components. Source: Veracode 44% of Java applications contain critical vulnerabilities. Source: Veracode SOURCES: Tyler Shields and Jeffrey Hammond, Forrester Research, ”Vendor Landscape: Software Composition Analysis,” Forrester Research, October 1, 2015; Veracode reports1
14 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Case Study: “Struts-Shock”
15 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS How do we get this data?
16 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Most Prevalent Java Components LIBRARY VERSION % of JAVA APPLICATIONS aopalliance-1.0.jar 1.0 49.9% dom4j-1.6.1.jar 1.6.1 33.9% commons-httpclient-3.1.jar 3.1 27.8% commons-lang-2.6.jar 2.6 27.4% commons-logging-1.1.1.jar 1.1.1 26.4% activation-1.1.jar 1.1 25.3% commons-collections-3.2.1.jar 3.2.1 24.9% log4j-1.2.17.jar 1.2.17 22.8% antlr-2.7.7.jar 2.7.7 21.4% commons-io-2.4.jar 2.4 20.9% SOURCE: Veracode, State of Software Security, Volume 8, 18 Oct 2017.
17 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Most Prevalent Vulnerable Java Components LIBRARY VERSION % of JAVA APPLICATIONS commons-collections-3.2.1.jar 3.2.1 26.3% commons-beanutils-1.8.3.jar 1.8.3 12.8% commons-collections-3.1.jar 3.1 12.8% commons-fileupload-1.2.jar 1.2 12.2% commons-collections-3.2.jar 3.2 11.2% xalan-2.7.0.jar 2.7.0 8.5% xalan-2.7.1.jar 2.7.1 8.5% commons-beanutils-1.8.0.jar 1.8.0 7.7% commons-fileupload-1.3.1.jar 1.3.1 7.2% commons-fileupload1.2.1.jar 1.2.1 7.1% SOURCE: Veracode, State of Software Security, Volume 8, 18 Oct 2017.
18 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS SOURCE: Veracode, State of Software Security, Volume 8, 18 Oct 2017. Case Study: Struts-Shock
19 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Case Study: Apache Commons Collections SOURCE: Veracode, State of Software Security, Volume 8, 18 Oct 2017.
20 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Commons Collections Family Tree Needs a footer? No… it is an animation.
21 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Strategies for Managing Open Source Risk
22 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Addressing Component Risks in the SDLC 1 Policy first 2 Build an inventory 3 Developer education 4 Integrate testing
‹#› #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED 1 Policy First 23 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
‹#› #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED 2 Build an Inventory 24 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
‹#› #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED 3 Developer Education 25 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
26 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Skills Training Has Measurable esults: eLearning SOURCE: Veracode, State of Software Security, Volume 8, 18 Oct 2017.
27 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Skills Training Has Measurable Results: Coaching SOURCE: Veracode, State of Software Security, Volume 8, 18 Oct 2017.
‹#› #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED 4 Integrate Testing 28 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
‹#› #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED No Free Lunch 29 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
30 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Recommended Sessions SESSION # TITLE DATE/TIME DST40T Scale Your Application Security Program Effectively with the Right Program Management Model 11/15/2017 at 3:30 pm SCT40T Don’t Overreact: How to Respond to Vulnerability Disclosures 11/15/2017 at 3:30 pm DST38T Shifting Security to the Left – Watch End-to-End DevSecOps Solution in Action 11/15/2017 at 4:15 pm DST39T DevOps: Security’s Chance to Get It Right 11/16/2017 at 12:45 pm SCT41T Testing the Fences: Recent Attacks Are Harbingers of a More Serious Threat 11/16/2017 at 4:15 pm
31 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Must See Demos – Wed & Thurs Securing Apps from Dev to Production CA Veracode Static Analysis CA Veracode Greenlight CA Veracode Remediation Guidance Manage Your Software Risk Open Sourced Component Scanning Developer Training on Secure Coding Integrations into Your Dev Tools 301 Manage Your Software Risk CA Veracode Static Analysis CA Veracode Web Application Scanning CA Veracode Greenlight CA Veracode Static Analysis CA Veracode Greenlight CA Veracode Remediation Guidance 506P 509P DevOps-CD SecuritySecurity
32 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Stay connected at https://community.veracode.com Thank you.
33 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps For more information on DevSecOps, please visit: http://cainc.to/CAW17-DevSecOps

Recomendados

Embracing DevSecOps: A Changing Security Landscape for the US Government
Embracing DevSecOps: A Changing Security Landscape for the US GovernmentEmbracing DevSecOps: A Changing Security Landscape for the US Government
Embracing DevSecOps: A Changing Security Landscape for the US GovernmentDJ Schleen
 
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...DevSecCon
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS LaneJames Wickett
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOpJames Wickett
 
10 Mistakes Hackers Want You to Make
10 Mistakes Hackers Want You to Make10 Mistakes Hackers Want You to Make
10 Mistakes Hackers Want You to MakeJoe Kutner
 
DevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDDevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDFranklin Mosley
 
Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019James Wickett
 
RSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all EquifaxRSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all EquifaxSonatype
 

Recomendados

Embracing DevSecOps: A Changing Security Landscape for the US Government
Embracing DevSecOps: A Changing Security Landscape for the US GovernmentEmbracing DevSecOps: A Changing Security Landscape for the US Government
Embracing DevSecOps: A Changing Security Landscape for the US GovernmentDJ Schleen
 
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...DevSecCon
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS LaneJames Wickett
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOpJames Wickett
 
10 Mistakes Hackers Want You to Make
10 Mistakes Hackers Want You to Make10 Mistakes Hackers Want You to Make
10 Mistakes Hackers Want You to MakeJoe Kutner
 
DevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDDevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDFranklin Mosley
 
Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019James Wickett
 
RSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all EquifaxRSAC DevSecOpsDays 2018 - We are all Equifax
RSAC DevSecOpsDays 2018 - We are all EquifaxSonatype
 
DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim Kadlec
DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim KadlecDevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim Kadlec
DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim KadlecDevSecCon
 
Drupal Dev Days 2018 - Autopsy of Vulnerabilities
Drupal Dev Days 2018 - Autopsy of VulnerabilitiesDrupal Dev Days 2018 - Autopsy of Vulnerabilities
Drupal Dev Days 2018 - Autopsy of Vulnerabilitieszekivazquez
 
Are open source and embedded software development on a collision course?
Are open source and embedded software development on a collision course?Are open source and embedded software development on a collision course?
Are open source and embedded software development on a collision course?Rogue Wave Software
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDJames Wickett
 
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...DevSecCon
 
Harnessing the power of cloud for real security
Harnessing the power of cloud for real securityHarnessing the power of cloud for real security
Harnessing the power of cloud for real securityErkang Zheng
 
Lviv MD Day 2015 Анастасія Войтова "Data transfer security for mobile apps: w...
Lviv MD Day 2015 Анастасія Войтова "Data transfer security for mobile apps: w...Lviv MD Day 2015 Анастасія Войтова "Data transfer security for mobile apps: w...
Lviv MD Day 2015 Анастасія Войтова "Data transfer security for mobile apps: w...Lviv Startup Club
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
DevSecCon Boston 2018: Automated DevSecOps infrastructure deployment: recipes...
DevSecCon Boston 2018: Automated DevSecOps infrastructure deployment: recipes...DevSecCon Boston 2018: Automated DevSecOps infrastructure deployment: recipes...
DevSecCon Boston 2018: Automated DevSecOps infrastructure deployment: recipes...DevSecCon
 
LambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless ApplicationLambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless ApplicationJames Wickett
 
Kaspersky Threat Intelligence Portal and DNIF Use Cases
Kaspersky Threat Intelligence Portal and DNIF Use Cases Kaspersky Threat Intelligence Portal and DNIF Use Cases
Kaspersky Threat Intelligence Portal and DNIF Use Cases DNIF
 
Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore
Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_SingaporePractical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore
Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_SingaporeAmazon Web Services
 
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...SecureSoftwareDevOn SecureSoftwareDevOn
 
Our Mission and Values
Our Mission and ValuesOur Mission and Values
Our Mission and ValuesAmber Sawhill
 
DevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructuresDevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructuresPriyanka Aash
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDJames Wickett
 
Develop microservices in php
Develop microservices in phpDevelop microservices in php
Develop microservices in phpZend by Rogue Wave Software
 
Is my software ecosystem healthy? It depends!
Is my software ecosystem healthy? It depends!Is my software ecosystem healthy? It depends!
Is my software ecosystem healthy? It depends!Tom Mens
 
Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015James Wickett
 
How to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspectiveHow to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspectiveColin Domoney
 
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...CA Technologies
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantCA Technologies
 

Mais conteúdo relacionado

Mais procurados

DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim Kadlec
DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim KadlecDevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim Kadlec
DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim KadlecDevSecCon
 
Drupal Dev Days 2018 - Autopsy of Vulnerabilities
Drupal Dev Days 2018 - Autopsy of VulnerabilitiesDrupal Dev Days 2018 - Autopsy of Vulnerabilities
Drupal Dev Days 2018 - Autopsy of Vulnerabilitieszekivazquez
 
Are open source and embedded software development on a collision course?
Are open source and embedded software development on a collision course?Are open source and embedded software development on a collision course?
Are open source and embedded software development on a collision course?Rogue Wave Software
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDJames Wickett
 
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...DevSecCon
 
Harnessing the power of cloud for real security
Harnessing the power of cloud for real securityHarnessing the power of cloud for real security
Harnessing the power of cloud for real securityErkang Zheng
 
Lviv MD Day 2015 Анастасія Войтова "Data transfer security for mobile apps: w...
Lviv MD Day 2015 Анастасія Войтова "Data transfer security for mobile apps: w...Lviv MD Day 2015 Анастасія Войтова "Data transfer security for mobile apps: w...
Lviv MD Day 2015 Анастасія Войтова "Data transfer security for mobile apps: w...Lviv Startup Club
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
DevSecCon Boston 2018: Automated DevSecOps infrastructure deployment: recipes...
DevSecCon Boston 2018: Automated DevSecOps infrastructure deployment: recipes...DevSecCon Boston 2018: Automated DevSecOps infrastructure deployment: recipes...
DevSecCon Boston 2018: Automated DevSecOps infrastructure deployment: recipes...DevSecCon
 
LambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless ApplicationLambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless ApplicationJames Wickett
 
Kaspersky Threat Intelligence Portal and DNIF Use Cases
Kaspersky Threat Intelligence Portal and DNIF Use Cases Kaspersky Threat Intelligence Portal and DNIF Use Cases
Kaspersky Threat Intelligence Portal and DNIF Use Cases DNIF
 
Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore
Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_SingaporePractical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore
Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_SingaporeAmazon Web Services
 
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...SecureSoftwareDevOn SecureSoftwareDevOn
 
Our Mission and Values
Our Mission and ValuesOur Mission and Values
Our Mission and ValuesAmber Sawhill
 
DevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructuresDevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructuresPriyanka Aash
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDJames Wickett
 
Is my software ecosystem healthy? It depends!
Is my software ecosystem healthy? It depends!Is my software ecosystem healthy? It depends!
Is my software ecosystem healthy? It depends!Tom Mens
 
Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015James Wickett
 
How to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspectiveHow to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspectiveColin Domoney
 

Mais procurados (20)

DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim Kadlec
DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim KadlecDevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim Kadlec
DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim Kadlec
 
Drupal Dev Days 2018 - Autopsy of Vulnerabilities
Drupal Dev Days 2018 - Autopsy of VulnerabilitiesDrupal Dev Days 2018 - Autopsy of Vulnerabilities
Drupal Dev Days 2018 - Autopsy of Vulnerabilities
 
Are open source and embedded software development on a collision course?
Are open source and embedded software development on a collision course?Are open source and embedded software development on a collision course?
Are open source and embedded software development on a collision course?
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
 
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve...
 
Harnessing the power of cloud for real security
Harnessing the power of cloud for real securityHarnessing the power of cloud for real security
Harnessing the power of cloud for real security
 
Lviv MD Day 2015 Анастасія Войтова "Data transfer security for mobile apps: w...
Lviv MD Day 2015 Анастасія Войтова "Data transfer security for mobile apps: w...Lviv MD Day 2015 Анастасія Войтова "Data transfer security for mobile apps: w...
Lviv MD Day 2015 Анастасія Войтова "Data transfer security for mobile apps: w...
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
 
DevSecCon Boston 2018: Automated DevSecOps infrastructure deployment: recipes...
DevSecCon Boston 2018: Automated DevSecOps infrastructure deployment: recipes...DevSecCon Boston 2018: Automated DevSecOps infrastructure deployment: recipes...
DevSecCon Boston 2018: Automated DevSecOps infrastructure deployment: recipes...
 
LambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless ApplicationLambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless Application
 
Kaspersky Threat Intelligence Portal and DNIF Use Cases
Kaspersky Threat Intelligence Portal and DNIF Use Cases Kaspersky Threat Intelligence Portal and DNIF Use Cases
Kaspersky Threat Intelligence Portal and DNIF Use Cases
 
Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore
Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_SingaporePractical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore
Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore
 
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
 
Our Mission and Values
Our Mission and ValuesOur Mission and Values
Our Mission and Values
 
DevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructuresDevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructures
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
 
Develop microservices in php
Develop microservices in phpDevelop microservices in php
Develop microservices in php
 
Is my software ecosystem healthy? It depends!
Is my software ecosystem healthy? It depends!Is my software ecosystem healthy? It depends!
Is my software ecosystem healthy? It depends!
 
Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015
 
How to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspectiveHow to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspective
 

Semelhante a How Components Increase Speed and Risk

The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...CA Technologies
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantCA Technologies
 
Completing the Microservices Puzzle: Kubernetes, Prometheus and FreshTracks.io
Completing the Microservices Puzzle: Kubernetes, Prometheus and FreshTracks.ioCompleting the Microservices Puzzle: Kubernetes, Prometheus and FreshTracks.io
Completing the Microservices Puzzle: Kubernetes, Prometheus and FreshTracks.ioCA Technologies
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...CA Technologies
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps WorldCA Technologies
 
Advanced Patterns in Microservices Implementation with Amazon ECS - CON402 - ...
Advanced Patterns in Microservices Implementation with Amazon ECS - CON402 - ...Advanced Patterns in Microservices Implementation with Amazon ECS - CON402 - ...
Advanced Patterns in Microservices Implementation with Amazon ECS - CON402 - ...Amazon Web Services
 
DEV325_Application Deployment Techniques for Amazon EC2 Workloads with AWS Co...
DEV325_Application Deployment Techniques for Amazon EC2 Workloads with AWS Co...DEV325_Application Deployment Techniques for Amazon EC2 Workloads with AWS Co...
DEV325_Application Deployment Techniques for Amazon EC2 Workloads with AWS Co...Amazon Web Services
 
CA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA MicrogatewayCA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA MicrogatewayCA Technologies
 
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Shannon Williams
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxlior mazor
 
Adding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps PipelinesAdding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps PipelinesAmazon Web Services
 
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.CA Technologies
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageCA Technologies
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageCA Technologies
 
GPSTEC304_Shipping With PorpoiseA K8s Story
GPSTEC304_Shipping With PorpoiseA K8s StoryGPSTEC304_Shipping With PorpoiseA K8s Story
GPSTEC304_Shipping With PorpoiseA K8s StoryAmazon Web Services
 
Scaling DevOps Adoption
Scaling DevOps AdoptionScaling DevOps Adoption
Scaling DevOps AdoptionMark Rendell
 
BOMs Away - Why everyone needs a BOM (AppSec Cali 2019)
BOMs Away - Why everyone needs a BOM (AppSec Cali 2019)BOMs Away - Why everyone needs a BOM (AppSec Cali 2019)
BOMs Away - Why everyone needs a BOM (AppSec Cali 2019)Steve Springett
 
CON203_Driving Innovation with Containers
CON203_Driving Innovation with ContainersCON203_Driving Innovation with Containers
CON203_Driving Innovation with ContainersAmazon Web Services
 
Driving Innovation with Containers - CON203 - re:Invent 2017
Driving Innovation with Containers - CON203 - re:Invent 2017Driving Innovation with Containers - CON203 - re:Invent 2017
Driving Innovation with Containers - CON203 - re:Invent 2017Amazon Web Services
 

Semelhante a How Components Increase Speed and Risk (20)

The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
 
When You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is ImportantWhen You Test Matters: Why Testing Early in the SDLC is Important
When You Test Matters: Why Testing Early in the SDLC is Important
 
Completing the Microservices Puzzle: Kubernetes, Prometheus and FreshTracks.io
Completing the Microservices Puzzle: Kubernetes, Prometheus and FreshTracks.ioCompleting the Microservices Puzzle: Kubernetes, Prometheus and FreshTracks.io
Completing the Microservices Puzzle: Kubernetes, Prometheus and FreshTracks.io
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps World
 
Advanced Patterns in Microservices Implementation with Amazon ECS - CON402 - ...
Advanced Patterns in Microservices Implementation with Amazon ECS - CON402 - ...Advanced Patterns in Microservices Implementation with Amazon ECS - CON402 - ...
Advanced Patterns in Microservices Implementation with Amazon ECS - CON402 - ...
 
DEV325_Application Deployment Techniques for Amazon EC2 Workloads with AWS Co...
DEV325_Application Deployment Techniques for Amazon EC2 Workloads with AWS Co...DEV325_Application Deployment Techniques for Amazon EC2 Workloads with AWS Co...
DEV325_Application Deployment Techniques for Amazon EC2 Workloads with AWS Co...
 
CA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA MicrogatewayCA Microgateway: Deploying, Configuring, and Extending CA Microgateway
CA Microgateway: Deploying, Configuring, and Extending CA Microgateway
 
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
 
Adding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps PipelinesAdding the Sec to Your DevOps Pipelines
Adding the Sec to Your DevOps Pipelines
 
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
Case Study: Continuous Delivery in a Tech Debt Laden World by Talk Talk.
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
 
Keynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive AdvantageKeynote: Making Security a Competitive Advantage
Keynote: Making Security a Competitive Advantage
 
GPSTEC304_Shipping With PorpoiseA K8s Story
GPSTEC304_Shipping With PorpoiseA K8s StoryGPSTEC304_Shipping With PorpoiseA K8s Story
GPSTEC304_Shipping With PorpoiseA K8s Story
 
Scaling DevOps Adoption
Scaling DevOps AdoptionScaling DevOps Adoption
Scaling DevOps Adoption
 
BOMs Away - Why everyone needs a BOM (AppSec Cali 2019)
BOMs Away - Why everyone needs a BOM (AppSec Cali 2019)BOMs Away - Why everyone needs a BOM (AppSec Cali 2019)
BOMs Away - Why everyone needs a BOM (AppSec Cali 2019)
 
CON203_Driving Innovation with Containers
CON203_Driving Innovation with ContainersCON203_Driving Innovation with Containers
CON203_Driving Innovation with Containers
 
Driving Innovation with Containers - CON203 - re:Invent 2017
Driving Innovation with Containers - CON203 - re:Invent 2017Driving Innovation with Containers - CON203 - re:Invent 2017
Driving Innovation with Containers - CON203 - re:Invent 2017
 
Ongoing management of your PHP 7 application
Ongoing management of your PHP 7 applicationOngoing management of your PHP 7 application
Ongoing management of your PHP 7 application
 

Mais de CA Technologies

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Technologies
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceCA Technologies
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...CA Technologies
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCA Technologies
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...CA Technologies
 
Case Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCase Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCA Technologies
 
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...CA Technologies
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCA Technologies
 
Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramCA Technologies
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementCA Technologies
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...CA Technologies
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...CA Technologies
 
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...CA Technologies
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...CA Technologies
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...CA Technologies
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentCA Technologies
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseCA Technologies
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCA Technologies
 

Mais de CA Technologies (20)

CA Mainframe Resource Intelligence
CA Mainframe Resource IntelligenceCA Mainframe Resource Intelligence
CA Mainframe Resource Intelligence
 
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform ExcellenceMainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
Mainframe as a Service: Sample a Buffet of IBM z/OS® Platform Excellence
 
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
Case Study: How CA Went From 40 Days to Three Days Building Crystal-Clear Tes...
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
Pre-Con Ed: Privileged Identity Governance: Are You Certifying Privileged Use...
 
Case Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on TimeCase Study: Privileged Access in a World on Time
Case Study: Privileged Access in a World on Time
 
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
Case Study: How SGN Used Attack Path Mapping to Control Privileged Access in ...
 
Case Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital GovernmentCase Study: Putting Citizens at The Center of Digital Government
Case Study: Putting Citizens at The Center of Digital Government
 
Making Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security ProgramMaking Security Work—Implementing a Transformational Security Program
Making Security Work—Implementing a Transformational Security Program
 
Emerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access ManagementEmerging Managed Services Opportunities in Identity and Access Management
Emerging Managed Services Opportunities in Identity and Access Management
 
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
The Unmet Demand for Premium Cloud Monitoring Services—and How Service Provid...
 
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
Leveraging Monitoring Governance: How Service Providers Can Boost Operational...
 
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
The Next Big Service Provider Opportunity—Beyond Infrastructure: Architecting...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...Application Experience Analytics Services: The Strategic Digital Transformati...
Application Experience Analytics Services: The Strategic Digital Transformati...
 
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
Strategic Direction Session: Deliver Next-Gen IT Ops with CA Mainframe Operat...
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
 
Blockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of DeploymentBlockchain: Strategies for Moving From Hype to Realities of Deployment
Blockchain: Strategies for Moving From Hype to Realities of Deployment
 
Establish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital EnterpriseEstablish Digital Trust as the Currency of Digital Enterprise
Establish Digital Trust as the Currency of Digital Enterprise
 
Case Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software DevelopmentCase Study: How The Home Depot Built Quality Into Software Development
Case Study: How The Home Depot Built Quality Into Software Development
 

Último

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 

Último (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 

How Components Increase Speed and Risk

  • 1. How Open Source Components Increase Speed and Risk Tim Jarrett DST50T DEVSECOPS Director, Product Management Veracode
  • 2. 2 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS © 2017 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2017 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of This Presentation
  • 3. 3 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Agenda DEVELOPERS AND OPEN SOURCE COMPONENTS: FREE AS IN … THE JAVA COMPONENT ECOSYSTEM: SOFTWARE AGES LIKE… CASE STUDY: APACHE STRUTS, AKA “STRUTS-SHOCK” STRATEGIES FOR MANAGING OPEN SOURCE RISK 1 2 3 4
  • 4. 4 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Developers and Open Source Components
  • 5. 5 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Software development: from artisanal craft to industrial revolution 5 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
  • 6. 6 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Today’s Applications Are Assembled Proprietary Code Open Source Open Source Open Source Open Source Open Source Open Source Open Source Open Source Open Source Open Source Open Source Open Source Food for Thought How do you inventory open source libraries in your applications today?
  • 7. ‹#› #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED Why open source? It’s about quality Faster time to market requires fewer defects and more functional code. Developers don’t have to write common functions themselves. 7 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
  • 8. 8 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS 1983 1988 1993 1998 2003 2008 2013 2018 Open Source Ecosystem Timeline GNU project Linux Google SourceForge Maven GitHub
  • 9. 9 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Java Open Source Ecosystem
  • 10. 10 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Java Component Ecosystem Maven – standard for invoking, storing, and sharing components 250 indexed repositories – Maven Central 2.2M indexed Java archives (JARs) 540K JARs published in 2016 JUnit used in 63,321 other projects SOURCE: Maven component repository, https://mvnrepository.com/, accessed 2017-10-06.
  • 11. 11 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Publicly Disclosed Vulnerabilities National Vulnerability Database 95K total vulnerabilities (CVEs) 11K new CVEs published this year to date 35K High severity CVEs, 2650 Critical SOURCE: National Vulnerability Database, https://nvd.nist.gov/, accessed 2017-10-06.
  • 12. 12 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Speed of Development vs. Risk Management “Third-party source code libraries increase development speed and risk. […] Heartbleed made dependency risk plain for all to see.” SOURCE: Tyler Shields and Jeffrey Hammond, Forrester Research, ”Vendor Landscape: Software Composition Analysis,” Forrester Research, October 1, 2015.
  • 13. 13 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Sizing the Problem 80% of developers are using open source in deployed apps. Source: Forrester 46 Java applications have an average of 46 components. Source: Veracode 44% of Java applications contain critical vulnerabilities. Source: Veracode SOURCES: Tyler Shields and Jeffrey Hammond, Forrester Research, ”Vendor Landscape: Software Composition Analysis,” Forrester Research, October 1, 2015; Veracode reports1
  • 14. 14 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Case Study: “Struts-Shock”
  • 15. 15 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS How do we get this data?
  • 16. 16 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Most Prevalent Java Components LIBRARY VERSION % of JAVA APPLICATIONS aopalliance-1.0.jar 1.0 49.9% dom4j-1.6.1.jar 1.6.1 33.9% commons-httpclient-3.1.jar 3.1 27.8% commons-lang-2.6.jar 2.6 27.4% commons-logging-1.1.1.jar 1.1.1 26.4% activation-1.1.jar 1.1 25.3% commons-collections-3.2.1.jar 3.2.1 24.9% log4j-1.2.17.jar 1.2.17 22.8% antlr-2.7.7.jar 2.7.7 21.4% commons-io-2.4.jar 2.4 20.9% SOURCE: Veracode, State of Software Security, Volume 8, 18 Oct 2017.
  • 17. 17 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Most Prevalent Vulnerable Java Components LIBRARY VERSION % of JAVA APPLICATIONS commons-collections-3.2.1.jar 3.2.1 26.3% commons-beanutils-1.8.3.jar 1.8.3 12.8% commons-collections-3.1.jar 3.1 12.8% commons-fileupload-1.2.jar 1.2 12.2% commons-collections-3.2.jar 3.2 11.2% xalan-2.7.0.jar 2.7.0 8.5% xalan-2.7.1.jar 2.7.1 8.5% commons-beanutils-1.8.0.jar 1.8.0 7.7% commons-fileupload-1.3.1.jar 1.3.1 7.2% commons-fileupload1.2.1.jar 1.2.1 7.1% SOURCE: Veracode, State of Software Security, Volume 8, 18 Oct 2017.
  • 18. 18 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS SOURCE: Veracode, State of Software Security, Volume 8, 18 Oct 2017. Case Study: Struts-Shock
  • 19. 19 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Case Study: Apache Commons Collections SOURCE: Veracode, State of Software Security, Volume 8, 18 Oct 2017.
  • 20. 20 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS The Commons Collections Family Tree Needs a footer? No… it is an animation.
  • 21. 21 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Strategies for Managing Open Source Risk
  • 22. 22 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Addressing Component Risks in the SDLC 1 Policy first 2 Build an inventory 3 Developer education 4 Integrate testing
  • 23. ‹#› #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED 1 Policy First 23 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
  • 24. ‹#› #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED 2 Build an Inventory 24 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
  • 25. ‹#› #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED 3 Developer Education 25 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
  • 26. 26 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Skills Training Has Measurable esults: eLearning SOURCE: Veracode, State of Software Security, Volume 8, 18 Oct 2017.
  • 27. 27 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Skills Training Has Measurable Results: Coaching SOURCE: Veracode, State of Software Security, Volume 8, 18 Oct 2017.
  • 28. ‹#› #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED 4 Integrate Testing 28 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
  • 29. ‹#› #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED No Free Lunch 29 #CAWORLD #NOBARRIERS COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED
  • 30. 30 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Recommended Sessions SESSION # TITLE DATE/TIME DST40T Scale Your Application Security Program Effectively with the Right Program Management Model 11/15/2017 at 3:30 pm SCT40T Don’t Overreact: How to Respond to Vulnerability Disclosures 11/15/2017 at 3:30 pm DST38T Shifting Security to the Left – Watch End-to-End DevSecOps Solution in Action 11/15/2017 at 4:15 pm DST39T DevOps: Security’s Chance to Get It Right 11/16/2017 at 12:45 pm SCT41T Testing the Fences: Recent Attacks Are Harbingers of a More Serious Threat 11/16/2017 at 4:15 pm
  • 31. 31 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Must See Demos – Wed & Thurs Securing Apps from Dev to Production CA Veracode Static Analysis CA Veracode Greenlight CA Veracode Remediation Guidance Manage Your Software Risk Open Sourced Component Scanning Developer Training on Secure Coding Integrations into Your Dev Tools 301 Manage Your Software Risk CA Veracode Static Analysis CA Veracode Web Application Scanning CA Veracode Greenlight CA Veracode Static Analysis CA Veracode Greenlight CA Veracode Remediation Guidance 506P 509P DevOps-CD SecuritySecurity
  • 32. 32 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS Stay connected at https://community.veracode.com Thank you.
  • 33. 33 COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED#CAWORLD #NOBARRIERS DevSecOps For more information on DevSecOps, please visit: http://cainc.to/CAW17-DevSecOps