DevSecCon - Open Source Security Track
Watch the best of DevSecCon ’24
DevSecCon 2024 virtual summit was packed with DevSecOps lessons and hands-on experiences from industry trailblazers. Dive into the sessions from the Snyk track below and join the global DevSecCon community to help shape the future of secure development.
Open source security
Addressing supply chain security, vulnerabilities, and compliance in software development processes. Watch the recordings now.
Secure Node.js applications from supply chain attacks
Address the growing security concerns in the NPM ecosystem, especially in light of the SolarWinds breach. The increasing threats to developers and their applications underscore the need for greater awareness and effective strategies to prevent supply chain attacks and mitigate security weaknesses throughout the software development process. Leonardo will share his experience and practical strategies for securing Node.js production services.
What is going on in your source code? Understanding SCA in plain language
Dive into the growing use of terms like SBOM, VEX, SLSA, and GUAC in supply chain security discussions. While they may seem like just another set of compliance tasks, these acronyms address deeper security issues. We’ll explore the meaning behind these terms and the questions they aim to answer, providing a holistic understanding of how they help us protect against current and future threats. Viewers will gain insights into how embracing these concepts can lead to better protection for their organizations, rather than just adding more tools or feeling overwhelmed by compliance.
Streamlined AI impact assessments for supply chain security: Best practices
This session will delve into crafting effective and streamlined AI impact assessments that safeguard the supply chain while complying with emerging regulations and industry standards. Drawing from my experience as Deputy General Counsel at a leading SaaS company, I’ll offer a multifaceted perspective on AI governance, privacy, and legal challenges. Viewers will gain insights into balancing innovation with security, enhancing vendor due diligence, and fostering trust in AI deployments. Key topics include frameworks for AI impact assessments, strategies for staying ahead of AI legislation, guiding teams through secure AI deployment, and real-world case studies from my advisory role.
From novice to catalyst: Scaling security tools with metrics
Explore the Multivac Product Security Metrics Framework, focusing on extracting, correlating, and storing metrics from security tools while creating a scalable, user-friendly service for security engineers. We'll demonstrate the impact of data visualization and how security metrics became essential in mitigating risk and addressing 0-day threats. Hear Alejandro's journey from novice to leader in security metrics, aiming to inspire others to embrace this complex field. Join us to navigate the world of security metrics and achieve excellence in your security efforts.
Join our community
DevSecCon is where security enthusiasts learn, share, and shape the future of DevSecOps together.