DevOps has been around for more than a decade. However, security teams still struggle to react to the drastic changes it brought to the SDLC. The influx of tooling needed to facilitate DevOps also brought with it added attack surface, complexity, and a lack of visibility, all of which have left security teams on their heels. Attackers have taken notice and shifted their attack priorities from production environments to the software delivery pipelines which build those applications.
Interestingly, the techniques used to cause software supply chain breaches are frequently less sophisticated than we see elsewhere in security. Often it is the basics of security, like enforcing separation of duties and least privilege, that weren't properly implemented across the SDLC and that cause breaches. It turns out that implementing consistent security controls in modern software development environments can be a big challenge.
In this webinar you’ll learn:
- Why security struggles to keep up with the pace of engineering
- Why effective security controls are so hard to implement across the SDLC
- How security teams can harden their tooling against software supply chain attacks