Sydney Forum
Friday 1st April
12:30 - 16:30
Hotel CBD, Fourth Floor
Sydney Forum
Friday 1st April
12:30 - 16:30
Hotel CBD, Fourth Floor
.png)
.png)
.png)
%20(1).png?width=400&name=Copy%20of%20DLF-location-image%20(2)%20(1).png)
Learn and network in an iconic heritage location
Join us for an afternoon of learning and networking at the Hotel CBD Dining and Fourth Floor in the Sydney CBD.
Learn and network in an iconic heritage location
Join us for an afternoon of learning and networking at the Hotel CBD Dining and Fourth Floor in the Sydney CBD.
Commonwealth Bank of Australia
Brendan Hopper is the Commonwealth Bank Group CIO for Technology, responsible for ensuring that the Bank has a world-leading IT engineering capability, and that we make the right technology investments and decisions so that technology becomes an accelerator, not a disruptor, for us and our customers.
-1.png)
Tyro Payments
Sonatype
Commonwealth Bank of Australia
Brendan Hopper is the Commonwealth Bank Group CIO for Technology, responsible for ensuring that the Bank has a world-leading IT engineering capability, and that we make the right technology investments and decisions so that technology becomes an accelerator, not a disruptor, for us and our customers.
Tyro Payments
Sonatype
Agenda
Networking Lunch
What do software supply chains look like in a post Log4j World?
Cameron Townshend, Sonatype
The Log4shell vulnerability found in the Log4j logging framework has been recognised as one of the most critical vulnerabilities ever, open source or otherwise. And, while the dangers of the Log4j vulnerability remain high, even 4 months out, the situation has highlighted an even bigger issue that is plaguing security professionals and developers: if you don’t know what’s in your software supply chain, you’re already behind.
When a flaw is disclosed, companies are instantly thrust into a race against time to fix it before it can be exploited by an attacker, meaning every minute counts. If you don’t know what’s in your software, you’re effectively giving hackers a huge head start.
While this outlook might seem bleak, Adam will easy steps you can take to significantly mitigate risk.
Fireside chat: shifting security left, developers as a front line for security
Brendan Hopper, CBA
Coffee Break
Mind the gap… Third Party Management is the new appsec blindspot
Edwin Kwan, Tyro Payments
Third party open-source libraries make up the bulk of most modern applications. Leveraging them allows us to build faster by providing functionality which we would otherwise have to write ourselves. However, not all open-source libraries are created equal, and poor third-party management can result in vulnerabilities being introduced into our applications.
In this session, we will look at just how much open source our applications are using and review some common third-party management gaps in most typical AppSec programs. We will also look at several AppSec best practice approaches for better third-party management.
Moving from reactive to proactive vulnerability management
Networking Drinks
Agenda
Networking Lunch
What do software supply chains look like in a post Log4j World?
Cameron Townshend, Sonatype
The Log4shell vulnerability found in the Log4j logging framework has been recognised as one of the most critical vulnerabilities ever, open source or otherwise. And, while the dangers of the Log4j vulnerability remain high, even 4 months out, the situation has highlighted an even bigger issue that is plaguing security professionals and developers: if you don’t know what’s in your software supply chain, you’re already behind.
When a flaw is disclosed, companies are instantly thrust into a race against time to fix it before it can be exploited by an attacker, meaning every minute counts. If you don’t know what’s in your software, you’re effectively giving hackers a huge head start.
While this outlook might seem bleak, Adam will easy steps you can take to significantly mitigate risk.
Fireside chat: shifting security left, developers as a front line for security
Brendan Hopper, CBA
Coffee Break
Mind the gap… Third Party Management is the new appsec blindspot
Edwin Kwan, Tyro Payments
Third party open-source libraries make up the bulk of most modern applications. Leveraging them allows us to build faster by providing functionality which we would otherwise have to write ourselves. However, not all open-source libraries are created equal, and poor third-party management can result in vulnerabilities being introduced into our applications.
In this session, we will look at just how much open source our applications are using and review some common third-party management gaps in most typical AppSec programs. We will also look at several AppSec best practice approaches for better third-party management.
Moving from reactive to proactive vulnerability management
Networking Drinks
Fortune 2000 Companies
Learn from organisations at all phases of their journeys as they talk about the rapidly changing roles within DevSecOps and digital transformations.
Senior IT Decision Makers
Senior IT Decision Makers Hear from senior and executive technology leaders who have successfully implemented governance practices within DevOps transformations.
Collaboration & Learning
Collaboration & Learning Connect with industry peers to learn together how to bring together software developers and security professionals to remediate open source risk, without slowing down innovation.
Fortune 2000 Companies
Learn from organisations at all phases of their journeys as they talk about the rapidly changing roles within DevSecOps and digital transformations.
Senior IT Decision Makers
Senior IT Decision Makers Hear from senior and executive technology leaders who have successfully implemented governance practices within DevOps transformations.
Collaboration & Learning
Collaboration & Learning Connect with industry peers to learn together how to bring together software developers and security professionals to remediate open source risk, without slowing down innovation.
