Deepam Kanjani
@deepamkanjani
The Shadow Supply Chain: Protecting Your Software from Invisible Open-Source Threats
Submitted Apr 1, 2025
Topic of your submission:
Supply chain security
Type of submission:
30 mins talk
I am submitting for:
Rootconf Annual Conference 2025
This session sheds light on the hidden risks lurking within indirect or transitive dependencies—the “shadow supply chain”—that quietly introduce vulnerabilities into your applications. Explore how invisible update hijacking and dependency graph poisoning can silently compromise software integrity, leaving teams unaware and vulnerable.
You’ll gain actionable insights into proactively detecting and mitigating these subtle but impactful threats. The session covers robust techniques such as immutable dependency verification (a technique to ensure that a software project’s dependencies are not changed after a certain point), behavioral monitoring, and automated dependency hygiene to safeguard your software delivery pipelines.
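The immutable dependency verification the abstract describes can be illustrated with a small check, added here as an example and not part of the talk or any particular tool: freeze the resolved dependency set (name, version, content hash) into a lockfile, then compare a later resolution against it and flag anything that drifted or that arrived unpinned. The lockfile format is a constructed one modelled on pip's `--hash` pinning, and the package names and artifact bytes are constructed sample data.

```python
from __future__ import annotations
import hashlib
# Constructed lockfile format, modelled on pip's --hash pinning (an assumption
# for this example): "name==version --hash=sha256:<hex>", one line per package.

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def freeze(artifacts: dict[str, tuple[str, bytes]]) -> str:
    """Record name, version and content hash of every resolved artifact at the
    point after which the dependency set must not change."""
    lines = [f"{n}=={v} --hash=sha256:{sha256_hex(d)}"
             for n, (v, d) in sorted(artifacts.items())]
    return "\n".join(lines) + "\n"

def parse_lockfile(text: str) -> dict[str, tuple[str, str]]:
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        spec, _, digest = line.partition(" --hash=sha256:")
        name, _, version = spec.partition("==")
        if not version or not digest:  # refuse unpinned or hash-less entries
            raise ValueError(f"lockfile entry is not immutable: {line!r}")
        pinned[name] = (version, digest)
    return pinned

def verify(lock_text: str, artifacts: dict[str, tuple[str, bytes]]) -> list[str]:
    """Compare what the resolver produced now with the frozen lockfile.
    Returns findings; an empty list means nothing changed since the freeze."""
    pinned = parse_lockfile(lock_text)
    findings = []
    for name, (version, data) in artifacts.items():
        if name not in pinned:
            findings.append(f"{name}: not in lockfile (unpinned transitive dependency)")
        elif version != pinned[name][0]:
            findings.append(f"{name}: version drift {pinned[name][0]} -> {version}")
        elif sha256_hex(data) != pinned[name][1]:
            findings.append(f"{name}: hash mismatch at {version} (changed after freeze)")
    findings += [f"{n}: pinned but absent from resolved set" for n in pinned if n not in artifacts]
    return sorted(findings)

# Constructed sample: a direct dependency and its transitive dependency are frozen; a later
# resolution has the transitive package's bytes changed at the same version plus a new unpinned package.
FROZEN = {"webfw": ("2.1.0", b"webfw-2.1.0 wheel"), "tinyutil": ("0.3.1", b"tinyutil-0.3.1 wheel")}
LOCKFILE = freeze(FROZEN)
LATER = {**FROZEN, "tinyutil": ("0.3.1", b"tinyutil-0.3.1 wheel + injected code"),
         "colorlog": ("1.0.0", b"colorlog-1.0.0 wheel")}
```

Running `verify(LOCKFILE, LATER)` reports the silently modified transitive package and the unpinned newcomer, while `verify(LOCKFILE, FROZEN)` returns no findings.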
Key Takeaways:
- Understanding hidden risks within indirect open-source dependencies.
- Best practices for securing your software supply chain from invisible threats.
Beneficial for: DevOps engineers, SREs, security professionals, engineering managers, and technical leaders focused on securing cloud-native applications and software supply chains.
Deepam is a cybersecurity expert, author, and currently serves as Senior Product Security Manager at Atlassian, where he leads initiatives on secure architecture design, supply chain security, and AI security integration. Deepam frequently speaks at conferences, sharing practical knowledge from his extensive cybersecurity experience.