Redefining Open Source Risk: A Live Discussion

Cloud-native development has redefined the way we build, run, and scale applications. It has evolved cybersecurity strategies, encouraging development, security, and ops teams to collaborate and secure from code to cloud. From point solutions, Cloud Native Security Platforms (CNSP), to the most recent evolution of cloud security, Cloud Native Application Protection Platforms (CNAPP). In previous sessions, we’ve discussed why CNAPPs are the key to unlocking a successful secure cloud transformation. In this session, we will dig deeper into open source security, securing the DevOps pipeline and other cloud native security best practices. Specifically, we will dive into the recent extension our Code-to-Cloud CNAPP with Software Composition Analysis (SCA) : ● Why security at every stage of the application lifecycle is essential in bringing developers, security, and operations teams closer than ever before. ● Combining open source vulnerability findings with Infrastructure as Code (IaC) analysis to provide additional context of vulnerabilities embedded in container dependencies. ● Integrating natively with developer tools to surface open source risk earlier in and continuously throughout the development lifecycle. ● Mitigation of insecurity application components that leads to supply chain weakness. ● Providing full dependency tree extrapolation to identify and remediate vulnerabilities with granular version bump fix suggestions at even the deepest layers. Join Ajay Mishra, Chief Field Technology Officer, Cloud Security and rethink your approach to cloud native development security. Speaker: Ajay Mishra, Field Chief Technology Office, Cloud Security, Palo Alto Networks Moderator: Paolo Miranda, CISSP, Vice President, (ISC)² Singapore Chapter