Don’t Expect Developers to be Security Experts!
Developers are not security experts! Why not? And should they be?
When it comes to “shift-left” security, there is only a subset of prevention and mitigation strategies that make sense to put on a developer’s plate. Even then, assuming all devs are already equipped and educated to handle this additional workload is unreasonable.
During this session, Melissa will define common security related terms and lingo; share typical places to shore up applications when it comes to resolving dependencies, packaging, and deploying your cloud-native applications; and share insights on how to evaluate the plethora of scanning tools available today. Learn about existing programs and education offered through the Linux Foundation and the OpenSSF. And finally, leave this session knowing how to integrate a measure of security that makes sense in your existing development processes without exhausting your developers.