A new phenomenon stand out in recent years: security must pervade the entire software development lifecycle.
Except it isn't. Current generation of processes and tools is lacking crucial features to properly manage modern security risks.
Think of the Log4J event. Were you able to identify all affected components? Were they internally developed, or you need a vendor support? How fast you were able to deliver a fix?
In this talk we'll explore the challenges, what you can do with current tools, and which gaps should be addressed by communities through better practices and new tools.