Tl;dr
We’re excited to join our friends at Snyk to make security 100x better in 2022 with #TheBigFix! This event brings developers, DevOps, and security practitioners from around the world to find and fix vulnerabilities together.
Learn how to handle #ZeroDay vulnerabilities like #Log4Shell with the community while earning free swag!
While shifting left is yet to be the new normal, most developers both on the application and infrastructure layers now know that they should think of themselves as part of the people in charge of security, even if they are not actual members of their organisation’s security team.
Many driftctl users are infrastructure developers themselves, and depending on their field of activity, may have been lucky enough not to be directly impacted by the incredible log4shell hurricane that recently blasted the whole internet. Yet, a couple of weeks past this major incident, it is time to reflect on where our responsibilities lie in this field and how we can take the bull by the horns and fix what needs to be fixed in our infras.
While rare, attacks directly aimed at the infrastructure layers can happen, like the Kubernetes man-in-the-middle attack that was disclosed publicly on December 8th, 2020.
But usually, vulnerabilities in infrastructures are not to be directly compared to what they mean in the more generic sense of the word for applications developers. The major part of the issues related to security in infrastructures come from a lack of compliance with some standards, which is why the way we write our Infrastructure as Code matters.
Things like an insecure AWS S3 bucket or an EC2 instance that is open to all can leave you open to a potentially tremendous breach. Similarly, a container running without root user control, hard-coded credentials in the configuration of a VM, and other such practices are vulnerabilities that you should fix as quickly as you can.
And Obviously, we here at driftctl would say that infrastructure drift is one of the key elements that you should be monitoring since any blind spot is a source of potential security issues, but just this once, we are not going to focus on that. 🙂
The Big Fix is an event that brings together developers, DevOps, and security practitioners of all skill levels to help make the internet more secure. This is a great opportunity to secure your personal or professional projects.
How it works:
To take part in this event and make your infrastructure more secure, you just need to connect a project to Snyk (or use one that is already connected) and scan it to find vulnerabilities. Snyk Infrastructure as Code (available to everyone for free) will help you find and fix misconfigurations in Terraform, Cloud Formation, Kubernetes and Azure Resource Manager templates.
Fix at least one security vulnerability during The Big Fix and Snyk will send you a limited edition Big Fix t-shirt. If you import 3+ projects into Snyk, you’ll be entered into a raffle for an additional swag.
The climax of the event will happen on February 25 with an interactive Fix-a-thon — a 24-hour livestream event focused on DevSecOps and developer security.
So now is the time for you to help make security 100x better in 2022! Join us to help find (and fix!) security vulnerabilities while making friends and winning swag.
Get product updates and occasional news.