Marriott Wardman Park
2660 Woodley Rd NW
Washington DC, District of Columbia 20008 USA
Phone: 1-202-328-2000 

Thursday, September 12 • 3:30pm - 4:15pm
Securing Modern Applications: The Data Behind DevSecOps

Hackers took three days to identify and exploit a known vulnerability in Equifax's web applications. More importantly, Equifax was not alone. Hackers quickly attempted to exploit the Struts vulnerability elsewhere. According to David Hogue, a senior technical director for the NSA’s Cybersecurity Threat Operations Center (NCTOC), "We had a nation-state actor within 24 hours scanning for unpatched [Struts] servers within the DoD." Other breaches were recorded at Alaska Airlines, the Canada Revenue Agency, Okinawa Power, the Japanese Post, the India Post, AADHAAR (India’s social security system), and the GMO Payment Gateway, to name a few.

The time required for hackers to exploit a newly disclosed open source vulnerability has shrunk by 93.5% in the last decade. This harsh reality establishes a new normal for software supply chain management and demands that organizations be prepared to do three things within 48 hours of a new public disclosure:
* Assess which, if any, of their production applications are exploitable
* Establish a comprehensive plan to remediate potential exposure
* Implement necessary fixes in production

This session will highlight new data that reveals why three days (at most) is the new normal for DevSecOps teams to move new business/security requirements from design into production. It will also further enlighten DevOps teams, security and development professionals by sharing results from the 5th annual State of the Software Supply Chain Report -- a blend of public and proprietary data with expert research and analysis. Attendees can join this session to better understand how development and AppSec teams are applying lessons from W. Edwards Deming (circa 1982), Malcolm Goldrath (circa 1984) and Gene Kim (circa 2013) to improve their ability to respond to new business requirements and cyber risks.

Speakers
Derek Weeks

Vice President, Sonatype
Derek E. Weeks is the world's foremost researcher on the topic of DevSecOps and securing software supply chains. For the past five years, he has championed the research of the annual State of the Software Supply Chain Report and the DevSecOps Community Survey. Derek is a huge advocate...


Thursday September 12, 2019 3:30pm - 4:15pm
Lincoln 3