Software supply chain security
Identifying and mitigating threats in modern software delivery
About the talk #
Linux Foundation estimated that Free and Open Source Software (FOSS) constitutes 70-90% of any modern software built by an organization. Additionally, modern software delivery systems are complex, consisting of multiple systems like SCM, CI/CD, package / container registries, deployment tools, container orchestrators etc.
Over time, malicious actors have shifted focus to attacking an organization’s dependency on OSS packages and modern software delivery systems. This is partly due to maturity of defensive technologies that mitigate traditional vulnerabilities and partly due the complexity of software delivery systems today.
In this talk, the speaker will introduce the larger problem of software supply chain security with a high level threat model and examples of past breaches. Security / DevOps / Engineering Teams responsible for establishing trust & safety for a product will benefit by learning about these attack surfaces and some of the mitigation options that are available today.
About the speaker #
Abhisek Datta was security researcher in a past life. He is currently dabbling with product development. Abhisek is an OSS contributor and platform and security engineer.
