Had the wonderful privilege this evening to be a Keynote speaker at this year’s All Day DevOps (ADDO).

It’s a 24hrs event, 180 sessions, 6 tracks covering CI/CD, Cultural Transformation, DevSecOps, Modern Infrastructure, SRE and Software Supply Chain. It’s a treasure trove of resources with content from community and industry thought leaders. And it’s all FREE!

My talk was titled “Mind the gap… Your AppSec Blindspot”.
I shared my observations on how dependent Modern Applications are on open source components (around 85% to 98% of apps consist of open source), and how we, as an industry, are not doing enough in third party open source management. I also shared three things we need to do to NOW to address this gap.
1. Maintain a software bill of materials (SBOM) – so that we can quickly determine our company’s exposure when responding to vulnerabilities.
2. Perform greater due diligence on new dependencies – Don’t pass defects downstream!
3. Update stale dependencies – build on latest.

While the 24hrs live presentations are coming to a close, the recordings are still available online at https://www.alldaydevops.com/

Hats off to the organizers, moderators and other speakers who make this annual event such a success. This event has been of tremendous value to the DevSecOps community.