Vulnerabilities and Misconfigurations in Cloud-Native Security - Two Sides of the Same Risk Coin

Explore the interconnected risks of vulnerabilities and misconfigurations in cloud-native environments during this 46-minute Linux Foundation webinar. Delve into the evolving attack surface created by DevOps and cloud-native technologies, examining how open-source packages, infrastructure as code, container images, and delivery pipelines form complex interdependencies. Learn about software supply chain attacks that leverage infrastructure misconfigurations and known vulnerabilities, using the Log4j flaw as a case study. Gain insights into the necessity of a proactive, defense-in-depth approach to cloud-native security and discover strategies for comprehensive protection across entire cloud-native application stacks, from code to cloud and application to infrastructure. Topics covered include open source challenges, vulnerability databases, software composition analysis, sources of vulnerabilities, and practical examples to illustrate key concepts.

Introduction
Open Source Challenges
Why Open Source
Vulnerability Databases
Open Source Licenses
Early Detection
Software Composition Analysis
Context
Culture
Safety Security
Checkouts Gun
Log4J Example
Sources of Vulnerabilities
Checkoff
Summary