Mindlessly playing whack-a-mole using CVE databases is an inefficient use of a developer's time. And even if you manage to proudly proclaim zero vulnerabilities, it is still possible that your software isn't as secure as you want it to be. The security of your software goes beyond simple compliance.

During this session, Melissa will explain and provide real-world examples of the various types of security issues outside of CVEs that developers must be aware of and must consider when developing and deploying cloud-native apps.

She will share insights on how to evaluate the plethora of scanning tools available today, and about existing programs and education offered through the Linux Foundation, the OpenSSF, and OWASP. Most importantly, leave this session knowing how to make the most out of "shift-left" security and how to shore up your applications when it comes to resolving dependencies, packaging, and deploying your cloud-native applications.