Dates
Conferences
Tags
Sort by:
Most recent
Conference: KubeCon + CloudNativeCon North America 2021
Authors: Matt Jarvis
2021-10-13
tldr - powered by Generative AI
The talk discusses how to prioritize and remediate vulnerabilities in container images by understanding how they are constructed and where potential vulnerabilities can come from.
- Container images are constructed in layers, some of which come from base images and parent images
- Understanding how software gets into the images is key to deciding on a strategy for minimizing vulnerabilities
- Prioritizing and fixing high severity vulnerabilities with available fixes is a good starting point
- Security in containers should be multi-layered and consider infrastructure misconfigurations
- Containers are often run in orchestration systems like Kubernetes, and security principles for Kubernetes should be followed
Conference: OWASP 20th Anniversary Event
Authors: Rami Elron
2021-09-24
tldr - powered by Generative AI
Effective usage analysis can significantly accelerate product releases by identifying and prioritizing effective vulnerabilities, eliminating inefficiencies, and improving resource utilization.
- Modern software applications have thousands of dependencies between open source and proprietary components, many of which have security vulnerabilities
- 70% of reported vulnerabilities in real-world applications cannot be referenced from application code, effectively posing no risk
- Organizations often prioritize vulnerability handling based on reported severity, leading to an inordinate amount of time spent on ineffective vulnerabilities
- Effective usage analysis facilitates the identification of effective and ineffective vulnerabilities, enabling organizations to focus on real risks and expedite product delivery
- Effective usage analysis improves prioritization, eliminates inefficiencies, and helps organizations realize better scheduling goals