DevSecOps by Default: Lessons from Log4Shell - What We Have, Can, and Must Learn

Explore the impact of Log4Shell on DevSecOps practices and learn strategies to strengthen software supply chain security in this DevOpsDays Boston 2022 conference talk. Delve into real-world stories from DevSecOps teams on the frontlines during the Log4Shell incident, examining application security approaches and tools for detecting vulnerabilities during delivery and production. Discover how open-source projects like Falco and Keptn can help enforce a "Secure by Default" policy. Gain insights into vulnerability detection, instrumentation, risk analysis, and continuous security scanning. Understand the importance of automating security processes through tooling and explore the role of Captain in enhancing DevSecOps workflows.