Community-Led 💬 What's on the Minds of Early Adopters #10
“logging4j” or “log4jing”, White House Open Sources Securely, and Argo 🚀
Welcome to Community-Led. Each week we connect founders to dozens of early adopters and technology executives in fast-growing startups and Fortune 500 companies. This newsletter surfaces the most interesting insights and conversations across the >1,000 members of the Decibel community every month. Let’s dive in!
One Big Trend Worth Your Time
Regardless of whether you were “logging4j” or “log4jing” (h/t Devon Rollins!), 2021 set an unfortunate new bar for security concerns. One Fortune 500 security executive I spoke to on Dec 23rd said Log4j was only one of three significant security issues he was handling that week, including a ransomware situation. We agreed that, unfortunately, this has all become the norm.
Securing the software supply chain will continue to be a top priority. The White House recently held a virtual summit to address “unique security challenges” with open-source technology. The Decibel CISO Council also met to discuss the White House’s Executive Order on Improving the Nation’s Cybersecurity and agreed current risk assessment frameworks are not enough and more work is needed around Supply chain Levels for Software Artifacts (SLSA) and other open source frameworks and tooling.
So how can you, as an innovation-minded operator, continue to hit your business objectives while the security experts work their magic? Continue to drive those digital transformation projects, as the modernization alone will provide added protection. HD Moore, co-founder of Rumble, points out that Log4j exploitation targets older environments that use legacy APIs and are tied to older Java runtimes. Rumble can help identify all of these issues and integrates with Censys, which will discover external Internet assets that could be targeted for exploitation. In addition, cyber awareness (and protection) is a team sport. Empowering employees to protect themselves and their work (check out Nira!) helps the security teams and is just good business.
White House Convenes Open Source Security Summit Amid Log4j risk
White House tackles ‘unique security challenges’ faced by open source ecosystem
The COVID-19 crisis has fueled the increase of cybercrime in all its forms
CISA, FBI Warn of Potential Critical Infrastructure Attacks on Holidays
Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges
The Watercooler: What we’re hearing in the Community

An Inside Look at Innovation
With a mission to empower DevOps teams with the best tools to deliver their apps simpler, safer, and faster, it is not surprising that the Argo Project is the fastest growing Kubernetes-native project in the CNCF - other than Kubernetes itself!
Argo enables companies to automate continuous delivery in any CI/CD pipeline, and its co-creators Hong Wang and Jesse Suen have launched Akuity, the new startup now behind the Argo project.
Argo makes it easy for developers to build applications using the power of Kubernetes and cloud-native infrastructure. Containers and microservices have become the foundation for modern software development, and Argo has become the workflow engine of choice for companies like Adobe, Cisco, Google, Intuit, Nvidia, and Tesla when using Kubernetes for application delivery. Check out Argo tips, tricks and how-tos here.
Decibel Friends and Family Update
🎉 Congratulations…
Deborah Wall named Corporate VP Product Management, Center for Data Science Artificial Intelligence at New York Life
Alexis Culp, Censys, Spotlighted By Women In Cybersecurity Oregon
🚀🚀
Abacus.ai on “The 10 Hottest AI Startups Of 2021” list
Credo AI’s co-founder, Navrina Singh named to Fortune’s Next 1,000 list
See you next time.
Thanks for reading. This is a community that you’re always welcome to add to. If you have any feedback or know a story that’s perfect for this newsletter, please reach out. Email me at Stacey@Decibel.vc.
Stacey