Skip to main content
devseccon-logo-1

DevSecCon - Open Source Security Track

Watch the best of DevSecCon ‘24

 DevSecCon 2024 virtual summit was packed with DevSecOps lessons and hands-on experiences from industry trailblazers. Dive into the sessions from the Snyk track below and join the global DevSecCon community to help shape the future of secure development.

Open source security

Addressing supply chain security, vulnerabilities, and compliance in software development processes. Watch the recordings now.

Supply Chain Attacks

Secure Node.js applications from supply chain attacks

Address the growing security concerns in the NPM ecosystem, especially in light of the SolarWinds breach. The increasing threats to developers and their applications underscore the need for greater awareness and effective strategies to prevent supply chain attacks and mitigate security weaknesses throughout the software development process. Leonardo will share his experience and practical strategies for securing Node.js production services.

Understanding your source code

What Is going on in your source code? Understanding SCA in plain language

Dive into the growing use of terms like SBOM, VEX, SLSA, and GUAC in supply chain security discussions. While they may seem like just another set of compliance tasks, these acronyms address deeper security issues. We’ll explore the meaning behind these terms and the questions they aim to answer, providing a holistic understanding of how they help us protect against current and future threats. Viewers will gain insights into how embracing these concepts can lead to better protection for their organizations, rather than just adding more tools or feeling overwhelmed by compliance.

AI for Supply Chain Security

Streamlined AI impact assessments for supply chain security: Best practices

This session will delve into crafting effective and streamlined AI impact assessments that safeguard the supply chain while complying with emerging regulations and industry standards. Drawing from my experience as Deputy General Counsel at a leading SaaS company, I’ll offer a multifaceted perspective on AI governance, privacy, and legal challenges. Viewers will gain insights into balancing innovation with security, enhancing vendor due diligence, and fostering trust in AI deployments. Key topics include frameworks for AI impact assessments, strategies for staying ahead of AI legislation, guiding teams through secure AI deployment, and real-world case studies from my advisory role.

Scaling security tooling

From novice to catalyst: Scaling security tools with metrics

Explore the Multivac Product Security Metrics Framework, focusing on extracting, correlating, and storing metrics from security tools while creating a scalable, user-friendly service for security engineers. We'll demonstrate the impact of data visualization and how security metrics became essential in mitigating risk and addressing 0-day threats. Hear Alejandro's journey from novice to leader in security metrics, aiming to inspire others to embrace this complex field. Join us to navigate the world of security metrics and achieve excellence in your security efforts.

Check out all the session tracks from DevSecCon 2024

default-video

On-Demand

DevSecCon 2024 Main stage

View Now
default-video

On-Demand

Security culture and education track

View Now

Recursos adicionais

blog-feature-ai-pink
Blog

Foundations of trust: Securing the future of AI-generated code

Learn about Snyk's incoming GenAI Partner Program and how it secures the code produced by AI coding assistants, ensuring developers can code faster and more securely.

Feature_-_SnykLaunch_1
Blog

SnykLaunch Oct 2024: Enhanced PR experience, extended visibility, AI-powered security, holistic risk management

Read a recap of our SnykLaunch event for October 2024, covering our new features that power a developer-first, risk-centric security experience.

wordpress-sync/blog-feature-toolkit
Blog

Going beyond reachability to prioritize what matters most

While static reachability can help teams better understand their app vulnerabilities, they must be paired with other types of context and risk insights.