Application Security Leads to Better Business Value

Panelists and moderator: Hillary Benson, David Zendzian, Kirsten Newcomer, Larry Carvalho

GitLab Use Case: Reduce Unnecessary Risk

OSS Products Used:
  Kubernetes
  Semgrep
  Gitleaks
  Kubesec
  Trivy
  OWASP ZAP

GitLab Products Used:
  GitLab: The DevSecOps Platform

Risk Reduced:
  Vulnerability lifespan
  Gaps in Software Supply Chain Security measures
  Lack of security testing coverage

Solutions Built:
  End-to-end Software Supply Chain Security
  Security policy and compliance governance
  Application Security Testing

Business Value Delivered:
  Ship software faster with more efficient security outcomes & lower MTTR
  Demonstrate compliance with industry and regulatory standards within the platform you already use to build software
  Reduce risk of costly breaches with native policy & compliance controls

Red Hat Use Case: Securing the platform and application

OSS Products Used:
  Kubernetes
  Operator Framework
  Istio/Envoy
  Tekton, Tekton Chains
  StackRox
  Quay with Clair
  OPA Gatekeeper
  Sigstore/Cosign
  Falco libs
  Compliance as Code

Red Hat Products Used:
  Red Hat OpenShift
  OpenShift Pipelines
  OpenShift GitOps
  OpenShift Service Mesh
  Red Hat Advanced Cluster Security
  Red Hat Quay
  Red Hat Advanced Cluster Management

Risk Reduced:
  Supply chain attacks
  Exploits of known vulnerabilities and/or misconfigurations
  Malicious intrusion, lateral movement, privilege escalation, etc.

Solutions Built:
  Kube-native supply chain security
  Image vulnerability and configuration analysis
  Platform protections
  Automated regulatory compliance
  Runtime detection & response

Business Value Delivered:
  Improved ROI for security program with more informed and contextualized risk assessments
  Automated guardrails based on industry standards that bridge the skill and context gap between security and developers
  Faster time to resolution