5. Defenders think in lists.
Attackers think in graphs.
As long as this is true,
attackers win.”
– John Lambert, Distinguished Engineer and General Manager,
Microsoft Threat Intelligence Center
“
23. Main Takeaways
1. CI/CD is becoming increasingly popular,
yet it also is a vast and complex attack surface.
2. Attackers think in graphs – and this is indeed true
for the CI/CD attack surface as well.
3. For defenders to keep up, they need to adopt the
same mindset, and likewise think in graphs.
4. There are interesting challenges and considerations
in engineering and modeling CI/CD graphs…
5. …however, by successfully doing so, the attack
surface becomes significantly less intimidating!