DEVSECOPS BY DEFAULT: WHAT HAVE, CAN AND MUST WE LEARN FROM LOG4SHELL?

Hi all

Andreas Grabner is in Zürich and he is giving a workshop about DevSecOps.
Note: This is a crosspost and therefore not an official DevOps Meetup Zürich.

Abstract:
It’s been 6 months since Log4Shell ruined many Christmas holidays for Devs, Ops and especially Dev(Sec)Ops teams. How did this incident help us strengthen our software supply chain? How have DevSecOps adopted their delivery and operations orchestration to reduce the risk of future vulnerabilities? In this session we cover stories from DevSecOps teams that were fighting Log4Shell. We look into AppSec tools to detect vulnerabilities during delivery and in production and see how open source projects such as Falco, Keptn … help DevSecOps teams to enforce a “Secure by Default” policy!“

About Andreas Grabner:
Andreas Grabner (@grabnerandi) has 20+ years of experience as a software developer, tester and architect and is an advocate for high-performing cloud scale applications. He is a contributor and DevRel for the CNCF open source project keptn (www.keptn.sh). Andreas is also a regular contributor to the DevOps community, a frequent speaker at technology conferences and regularly publishes articles on blog.dynatrace.com or medium. In his spare time you can most likely find him on one of the salsa dancefloors of the world (will resume once Covid is behind us)!