Deepfactor and customer Open Lending to speak at BSides Austin 2023, May 5.
Speaking session: 10:30 AM, in Balcones
Reducing Alert Fatigue with Container Scans: Correlate, Prioritize and Filter Based on Usage
Jeff Deverna, VP of Cyber Security for our customer Open Lending will join our founder & CEO Kiran Kamity
Scenario: Your application is composed of 12 Docker containers. Together they have 400 packages. When you run a container scan with an SCA (software composition analysis) tool, you notice that 120 of them have vulnerabilities. Your security team is asking you to fix all the critical and high vulnerabilities, but your dev/devops team doesn’t have the cycles. What do you do?
Today, developers and DevOps engineers are being asked to address vulnerabilities and supply chain risks in container images. However, the volume of noisy security alerts often leads to developers ignoring them entirely or wasting valuable sprint time researching “false positives.”
This session will focus on how engineering teams can correlate vulnerabilities with runtime information, prioritize alerts based on usage, and filter out false positives that don’t represent a true exposure of a vulnerability. Prioritizing security updates to only used packages in your container image is a highly effective approach to reducing alert fatigue with your container scans. In addition, your DevOps team can even consider removing some of the unused packages and shrink your container images. As an example, this session will include a demonstration of a typical SCA static container scan of a sample open-source test application and then show how an engineering team can filter alerts to reduce the number of vulnerable and used alerts that actually need to be fixed by developers by up to 90%.
And make sure to come by our booth to:
- Find out how Deepfactor Developer Security can help engineering and security teams find, prioritize, and fix vulnerabilities in your cloud native applications.
- Ask us about a FREE 60-MINUTE Risk Assessment with using Deepfactor Developer Security
- Enter to win an ASUS ZenScreen 15.6″ 1080P Portable Monitor
And you can book a meeting now for either on-site at BSides Austin, or with our team at any other time.
Location:
Commons Learning Center on the J.J. Pickle Research Campus at The University of Texas at Austin
10100 Burnet Road
Bldg 137
Austin, TX