Software supply chain security
Identifying and mitigating threats in modern software delivery
Zoom and live stream link for "What is a software supply chain attack?" - Today, 14 March. Participants can join the talk today, 14 March, at 4 pm via Zoom or watch the live stream here and on Hasgeek's Twitter feed.
The Linux Foundation has estimated that Free and Open Source Software (FOSS) constitutes 70-90% of any modern software built by an organization. Additionally, modern software delivery systems are complex, consisting of multiple components such as SCM, CI/CD, package and container registries, deployment tools, container orchestrators, etc.
Over time, malicious actors have shifted their focus to attacking an organization's dependence on OSS packages and on modern software delivery systems. This is partly due to the maturity of defensive technologies that mitigate traditional vulnerabilities, and partly due to the complexity of today's software delivery systems.
In this talk, the speaker will introduce the larger problem of software supply chain security with a high-level threat model and examples of past breaches. Security, DevOps and Engineering teams responsible for establishing trust and safety for a product will benefit from learning about these attack surfaces and some of the mitigation options available today.
Abhisek Datta was a security researcher in a past life. He is currently dabbling in product development. Abhisek is an OSS contributor and a platform and security engineer.