DevSecOps by Default: What Have, Can and Must we Learn from Log4Shell?

It’s been 6 months since Log4Shell ruined many Christmas holidays for Devs, Ops and especially Dev(Sec)Ops teams. How did this incident help us strengthen our software supply chain? How have DevSecOps adopted their delivery and operations orchestration to reduce the risk of future vulnerabilities? In this session we cover stories from DevSecOps teams that were fighting Log4Shell. We look into AppSec tools to detect vulnerabilities during delivery and in production and see how open source projects such as Falco, Keptn … help DevSecOps teams to enforce a “Secure by Default” policy!“


Andreas Grabner

2022 Andreas Grabner 2022 Andreas Grabner Firma


Andreas Grabner (@grabnerandi) has 20+ years of experience as a software developer, tester and architect and is an advocate for high-performing cloud scale applications. He is a regular contributor to the DevSecOps community, a frequent speaker at technology conferences and regularly publishes articles on