DevOps culture creates an opportunity for us to improve application security. Since developers are the ones producing code, integrating components and creating the innovations that fuel our digital economy, they are also the ones who will determine whether security is part of development. Security professionals must therefore learn how to talk to developers about creating a security program that accelerates development rather than slowing it down, while at the same time reducing risk.
With 90+% of applications made up of open source, open source is the largest unmanaged risk to companies today. Do you have an open source inventory for all of your applications (buy or build), including known vulnerabilities? Do you stay current? Do you monitor for new vulnerabilities? Have you heard of Equifax? If you answered no to any of these, be sure to attend this presentation.