Software supply chain security

Identifying and mitigating threats in modern software delivery



About the talk

The Linux Foundation has estimated that Free and Open Source Software (FOSS) makes up 70-90% of any modern software built by an organization. In addition, modern software delivery systems are complex, consisting of multiple interconnected systems such as source control (SCM), CI/CD pipelines, package and container registries, deployment tools and container orchestrators.

Over time, malicious actors have shifted their focus to attacking an organization's dependence on OSS packages and on these software delivery systems. This is partly due to the maturity of defensive technologies that mitigate traditional vulnerabilities, and partly due to the complexity of software delivery systems today.

In this talk, the speaker will introduce the broader problem of software supply chain security with a high-level threat model and examples of past breaches. Security, DevOps and Engineering teams responsible for establishing trust and safety for a product will benefit from learning about these attack surfaces and some of the mitigation options available today.

About the speaker

Abhisek Datta was a security researcher in a past life. He is currently dabbling in product development. Abhisek is an OSS contributor and a platform and security engineer.

Past Talks

An introduction to Software Supply Chain

Abhisek Datta

1 hour, 14 March 2023
