App Security Leads to Better Business Value, CloudNative SecurityCon NA 2023, V1.0 (PDF, 7 pages)
Application Security Leads to Better Business Value

Panelists: Hillary Benson, David Zendzian, Kirsten Newcomer
Moderator: Larry Carvalho

GitLab Use Case: Reduce Unnecessary Risk

OSS Products Used:
  Kubernetes
  Semgrep
  Gitleaks
  Kubesec
  Trivy
  OWASP ZAP

GitLab Products Used:
  GitLab: The DevSecOps Platform

Risk Reduced:
  Vulnerability lifespan
  Gaps in Software Supply Chain Security measures
  Lack of security testing coverage

Solutions Built:
  End-to-end Software Supply Chain Security
  Security policy and compliance governance
  Application Security Testing

Business Value Delivered:
  Ship software faster with more efficient security outcomes & lower MTTR
  Demonstrate compliance with industry and regulatory standards within the platform you already use to build software
  Reduce risk of costly breaches with native policy & compliance controls

Red Hat Use Case: Securing the platform and application

OSS Products Used:
  Kubernetes
  Operator Framework
  Istio/Envoy
  Tekton, Tekton Chains
  StackRox
  Quay with Clair
  OPA Gatekeeper
  Sigstore/Cosign
  Falco libs
  Compliance as Code

Red Hat Products Used:
  Red Hat OpenShift
  OpenShift Pipelines
  OpenShift GitOps
  OpenShift Service Mesh
  Red Hat Advanced Cluster Security
  Red Hat Quay
  Red Hat Advanced Cluster Management

Risk Reduced:
  Supply chain attacks
  Exploits of known vulnerabilities and/or misconfigurations
  Malicious intrusion, lateral movement, privilege escalation, etc.

Solutions Built:
  Kube-native supply chain security
  Image vulnerability and configuration analysis
  Platform protections
  Automated regulatory compliance
  Runtime detection & response

Business Value Delivered:
  Improved ROI for security program with more informed and contextualized risk assessments
  Automated guardrails based on industry standards that bridge the skill and context gap between security and developers
  Faster time to resolution with better quality data and ootb guidance

VMware Use Case: Beyond Shift Left Security

OSS Products Used:
  Kubernetes
  Cartographer/Tekton
  Carvel
  OPA/Gatekeeper Flux
  Anchore Syft/Grype
  Trivy/Sonobuoy
  Spiffe/Spire/Pinniped
  Korifi/Paketo Buildpacks

VMware Products Used:
  Tanzu Application Platform
  Tanzu for Kubernetes Operators
  Aria Guardrails
  Tanzu Application Service

Solutions Built:
  Security as 1st class DevEx
  Security capabilities that comprehensively span the 5 Cs: code, container, cluster, cloud, connectivity

Business Value Delivered: Continuously Securing Apps
  Faster path to production with security-approved, language-specific "golden paths"
  Biz can embrace OSS ecosystem with confidence
  Application teams can meet compliance & security requirements

Risk Reduced:
  E2E Supply Chain
  OSS components
  Security model for modern app continuously secure applications

Q&A

Please scan the QR Code above to leave feedback on this session