About the talk

Linux Foundation estimated that Free and Open Source Software (FOSS) constitutes 70-90% of any modern software built by an organization. Additionally, modern software delivery systems are complex, consisting of multiple systems like SCM, CI/CD, package / container registries, deployment tools, container orchestrators etc.

Over time, malicious actors have shifted focus to attacking an organization’s dependency on OSS packages and modern software delivery systems. This is partly due to maturity of defensive technologies that mitigate traditional vulnerabilities and partly due the complexity of software delivery systems today.

In this talk, the speaker will introduce the larger problem of software supply chain security with a high level threat model and examples of past breaches. Security / DevOps / Engineering Teams responsible for establishing trust & safety for a product will benefit by learning about these attack surfaces and some of the mitigation options that are available today.

About the speaker

Abhisek Datta was security researcher in a past life. He is currently dabbling with product development. Abhisek is an OSS contributor and platform and security engineer.

Past Talks

Hosted by

Rootconf

Rootconf is a community-funded platform for activities and discussions on the following topics: Site Reliability Engineering (SRE). Infrastructure costs, including Cloud Costs - and optimization. Security - including Cloud Security. more

An introduction to Software Supply Chain

Abhisek Datta

1 hour15 March 2023

Mar 2023

13 Mon

14 Tue 04:00 PM – 05:00 PM IST

15 Wed

16 Thu

17 Fri

18 Sat

19 Sun

Make a submission

Hosted by

Rootconf

Software supply chain security

About the talk

About the speaker

Past Talks