Open Source Vulnerabilities Cut Across Sectors
DJ Schleen of Sonatype on the Scale of Application Insecurity
Large or small, enterprises from all sectors are dealing with the same vulnerabilities in open source code. The difference: the scale of the problem. DJ Schleen of Sonatype discusses insights from the latest ISMG roundtable dinner.
Amidst a multi-city tour, ISMG and Sonatype visited Seattle for an engaging discussion on how to mitigate risks introduced by open source software. Schleen, a DevSecOps advocate with Sonatype, discusses how the conversation highlights the varying scale of application security issues experienced across sectors.
"No matter what size of organization you're in, we're all experiencing the same issues," Schleen says. "We're all dealing with the open source and supply chain problem - and large organizations are no different from small startups."
In an interview following the Seattle event, Schleen discusses:
- The scale of the application security conversation;
- Takeaways from the Seattle crowd;
- The value of these roundtable discussions for attendees.
Schleen is a seasoned DevSecOps advocate at Sonatype and provides thought leadership to organizations looking to integrate security into their DevOps practices. He comes from a practitioner background and specializes in architecting DevSecOps pipelines, automating security in DevOps environments, and breaking down organizational silos that inhibit the delivery of safer software. Schleen has worked to streamline development pipelines and practices for many Fortune 100 organizations by focusing on culture and technique. He uses this expertise to surface the right technology to serve business goals and support outcomes. He is an international speaker, blogger, instructor and author in the DevSecOps community, where he encourages organizations to deeply integrate a culture of security and trust into their core values and product development journey.