Authors: Dr. Luca Compagna
2023-02-16

tldr - powered by Generative AI

The presentation discusses the challenges of using commercial and open source tools for static analysis of code vulnerabilities and proposes a framework for improving the effectiveness of such tools.
  • Commercial and open source tools for static analysis of code vulnerabilities have limitations in detecting all vulnerabilities
  • The presented framework involves using patterns and discovery rules to improve the effectiveness of static analysis tools
  • Transformation experiments were conducted to improve the testability of patterns
  • The framework can be improved by adding custom rules and integrating other open source tools
  • The community is invited to contribute to the project and help improve the framework
Conference: CloudOpen 2022
Authors: Ran Regenstreif
2022-06-22

tldr - powered by Generative AI

The talk focuses on utilizing open source security tools to reduce threats and risks in cloud systems, environments, and products. The speaker emphasizes the importance of a programmatic approach to security and shifting left.
  • Shift left movement empowers developers with security tools and processes
  • Open source security tools are important in minimizing risks
  • A broader set of risks should be considered when selecting tools
  • Utilizing a toolkit and tool belt can help minimize risks
  • Programmatic approach to security is crucial
Authors: Ran Klein, Eitan Worcel
2021-09-24

tldr - powered by Generative AI

The presentation discusses the benefits of using correlation in cybersecurity and DevOps to reduce the amount of work needed to resolve issues and prioritize them.
  • Using correlation can reduce the amount of work needed to resolve issues and prioritize them
  • Correlation can consolidate multiple issues into a single one
  • Data-driven prioritization and remediation can be achieved through correlation
  • Actual numbers show a significant reduction in the number of issues after consolidation
  • The industry now focuses on fixing issues rather than just detecting them