Security Concerns in Every Stage of the Software Supply Chain | Melissa McKay | Conf42 DevOps 2024

Conference: Conf42 DevOps 2024

Year: 2024

Read the abstract ➤ https://www.conf42.com/DevOps_2024_Ixchel_Ruiz_Melissa_McKay_addressing_security_concerns
Other sessions at this event ➤ https://www.conf42.com/devops2024
Join Discord ➤ https://discord.gg/DnyHgrC7jC

Chapters
0:00 intro
0:38 preamble
0:47 background - melissa mckay
1:47 jfrog & nginx series
2:32 security through obfuscation
6:26 moveit transfer vulnerability (progress)
8:38 owasp joke essay
13:13 coding safely: developer education
13:54 software dependencies
15:34 synopsys 2023 ossra report (cyrc findings from 2022)
19:13 supply-chain levels for software artifacts
20:07 dependency confusion attack - package mining
22:44 managing open source dependencies
23:09 the left-pad incident
26:08 container development
30:27 is there any hope???
30:40 what else can we do?
31:27 owasp resources (cheat sheets)
32:01 openssf trio of free courses
32:27 what can we do???
35:50 questions?