Application Security is indeed stuck at the Monolith era, new tools (and approach) is required to make it applicable to micro services architecture. Something like the shift from CWPP to CNAPP if to use Gartner’s terminology for the cloud security space

Ariel Shuper It's also a mindshift change right? Traditional application security was about meeting the security professional. That needs to evolve so that tools and practices are about meeting and enabling developers. Security practitioners are important but they aren't the bottleneck.

Great point!

Just a bad luck🤣🤣

Is #IaC files a new target for #software #supplychain attacks? great article from xssfox parody account (@[email protected]) about potential exploits sprocketfox.io/xssfox/2022/02… Time to think about #codesigning extension for cloud deployments files

Interesting addition to Dependency-Track with #VEX adding more sense to Vulnerabilities findings, great step!

PM job interview really depends on how the specific company defines the PM role /their expectations. The PM spectrum is wide, between inbound and outbound

Great signal for the emergence of a new standard in code/image security… blog.sigstore.dev/kubernetes-sig…

I'm excited to present how to sign and validate #serverless functions with OpenSSF #cosignat next week Cloud Native, Inc. SecurityCon next week #KubeConEU #CNSecurityCon sched.co/zsUY

💻 This #TechnologyDay, take a deep dive into our #CiscoTechBlog for everything you need to see into the #FutureOfTech. Kick off with this serverless security blog written special for today from #CiscoETI's Ariel Shuper: cs.co/6018zyLfe

I just wrapped up a Twitter List of all speakers on CNCF's #SecurityCon event in-case you want to follow-up on what they are up to: x.com/i/lists/152584… It's colocated with KubeCon here in Valencia 🇪🇸 See y'all tomorrow on the 1st day 👋

#KubeCon EU and #CNSecurityCon here we come

Had great time presenting today at the #CNSecurityCon. It was great to present in person (and to see myself in a prerecorded session)

It’s a good question which requires evaluation when we test modern micro services applications. IMO some of the classical tests/techniques require a big change (and not simple adaptations like insertion to CI/CD pipelines)

We are big fans 👍👍 of serverless applications...but even they are vulnerable to attacks and hacks 👾. Get the details on how to prevent others from tampering with your code before #deployment in this #CiscoTechBlog from Ariel Shuper:

Attending the Open Source Summit this week? Interested in #Containerssecurity? #Kubernetessecurity? come to my session: ossna2022.sched.com/event/8e61a073… #ossummit Sched

Oh, hey there! You surprised us!! We'll be hanging out for the week at #OSSummit, if you want to hallway track with Cisco's #OSPO!

Knative is celebrating 4 amazing years of being an #OpenSource project! 🎁

I'm really excited that Pod Security Admission is stable in #Kubernetes v1.25. It provides super-simple out-of-the-box pod security, and I'm optimistic that it will raise the bar for baseline Kubernetes hardening. kubernetes.io/blog/2022/08/2…

Indeed, serverless functions outside AWS are used as a small corner cases. Interestingly, it’s the whole “serverless” motion which is more popular in AWS extending to new services every year while in the other cloud providers it’s steal a catch-up game.