Explore the interconnected risks of vulnerabilities and misconfigurations in cloud-native environments during this 46-minute Linux Foundation webinar. Delve into the evolving attack surface created by DevOps and cloud-native technologies, examining how open-source packages, infrastructure as code, container images, and delivery pipelines form complex interdependencies. Learn about software supply chain attacks that leverage infrastructure misconfigurations and known vulnerabilities, using the Log4j flaw as a case study. Gain insights into the necessity of a proactive, defense-in-depth approach to cloud-native security and discover strategies for comprehensive protection across entire cloud-native application stacks, from code to cloud and application to infrastructure. Topics covered include open source challenges, vulnerability databases, software composition analysis, sources of vulnerabilities, and practical examples to illustrate key concepts.