Secure Your Application Development with AWS and Mend (PRT052)

Title

AWS re:Invent 2022 - Secure your application development with AWS and Mend (PRT052)

Summary

  • Introduction: Jack Marcel from Mend (formerly WhiteSource Software) introduces the company's focus on mending application security problems.
  • Security Landscape: The presentation highlights the shift in security threats from networks and endpoints to software applications, with software vulnerability exploits and third-party breaches being the top causes of data breaches.
  • Open Source Software: The use of open source has increased dramatically, leading to a rise in vulnerabilities, exemplified by incidents like Log4j and Spring4Shell.
  • AWS and Mend Partnership: AWS and Mend have partnered to integrate security solutions into AWS services, focusing on a "remediation first" approach to application security.
  • Business Results: Mend's solutions aim to improve security, streamline DevOps processes, and save developers time by reducing false positives and providing actionable remediation guidance.
  • Customer Success Story: CAE used Mend to quickly address Log4j vulnerabilities, demonstrating the effectiveness of Mend's Software Composition Analysis product.
  • New Integrations: Mend announced integrations with AWS CodeCommit and CodeBuild, and a new security action within Amazon CodeCatalyst, allowing developers to easily add security scanning to their workflows.
  • Developer Tools Integration: Mend's security information is embedded within developers' existing tools, such as GitHub, GitLab, and Bitbucket, for seamless integration.
  • Call to Action: Attendees are encouraged to visit Mend's booth and website for more information on the AWS partnership and to use a QR code for additional resources.

Insights

  • Shift in Security Focus: The presentation underscores a significant shift in the security landscape, with application security now being the primary concern for organizations, reflecting a 14 percentage point increase over the past five years.
  • Open Source Management: Gartner's statement about managing open source software as a critical step for improving application security highlights the industry's recognition of the risks associated with the widespread adoption of open source.
  • Strategic Partnership Benefits: AWS's strategic partnership with Mend is designed to address security as a barrier to cloud adoption, suggesting that AWS recognizes the need for robust security solutions to encourage more cloud service usage.
  • Developer-Centric Security: Mend's approach to embedding security within the developer's workflow and reducing false positives aligns with the DevSecOps philosophy, emphasizing the importance of integrating security into the development process rather than treating it as an afterthought.
  • Automation and Efficiency: The integration of Mend Renovate with AWS development tools and the inclusion of security actions in Amazon CodeCatalyst reflect a trend towards automation in security practices, aiming to make security maintenance more efficient and less disruptive for developers.
  • Customer Validation: The case study of CAE's rapid response to the Log4j vulnerability using Mend's tools serves as a practical validation of the effectiveness of Mend's solutions in a real-world crisis, reinforcing the value proposition of the partnership between Mend and AWS.