Software supply chain security

Identifying and mitigating threats in modern software delivery

About the talk

The Linux Foundation has estimated that Free and Open Source Software (FOSS) makes up 70-90% of any modern software product built by an organization. In addition, modern software delivery systems are complex, consisting of multiple components such as SCM, CI/CD, package and container registries, deployment tools and container orchestrators.

Over time, malicious actors have shifted their focus to attacking an organization's dependence on OSS packages and on these software delivery systems. This is partly due to the maturity of defensive technologies that mitigate traditional vulnerabilities and partly due to the complexity of today's software delivery systems.

In this talk, the speaker will introduce the larger problem of software supply chain security with a high-level threat model and examples of past breaches. Security, DevOps and engineering teams responsible for establishing trust and safety for a product will benefit from learning about these attack surfaces and some of the mitigation options available today.

About the speaker

Abhisek Datta was a security researcher in a past life. He is currently dabbling in product development. Abhisek is an OSS contributor and a platform and security engineer.

Hosted by

Rootconf is a community-funded platform for activities and discussions on the following topics: Site Reliability Engineering (SRE); infrastructure costs, including cloud costs and their optimization; and security, including cloud security.

Past Talks

Videos

An introduction to Software Supply Chain

Abhisek Datta

1 hour, 15 March 2023
