Authors: Matt Jarvis
2021-10-13

tldr - powered by Generative AI

The talk discusses how to prioritize and remediate vulnerabilities in container images by understanding how they are constructed and where potential vulnerabilities can come from.
  • Container images are constructed in layers, some of which come from base images and parent images
  • Understanding how software gets into the images is key to deciding on a strategy for minimizing vulnerabilities
  • Prioritizing and fixing high severity vulnerabilities with available fixes is a good starting point
  • Security in containers should be multi-layered and consider infrastructure misconfigurations
  • Containers are often run in orchestration systems like Kubernetes, and security principles for Kubernetes should be followed

Authors: Rami Elron
2021-09-24

tldr - powered by Generative AI

Effective usage analysis can significantly accelerate product releases by identifying and prioritizing effective vulnerabilities, eliminating inefficiencies, and improving resource utilization.
  • Modern software applications have thousands of dependencies between open source and proprietary components, many of which have security vulnerabilities
  • 70% of reported vulnerabilities in real-world applications cannot be referenced from application code, effectively posing no risk
  • Organizations often prioritize vulnerability handling based on reported severity, leading to an inordinate amount of time spent on ineffective vulnerabilities
  • Effective usage analysis facilitates the identification of effective and ineffective vulnerabilities, enabling organizations to focus on real risks and expedite product delivery
  • Effective usage analysis improves prioritization, eliminates inefficiencies, and helps organizations realize better scheduling goals