Talks: Why You Should Care About Open Source Supply Chain Security

Friday - April 21st, 2023 1:45 p.m.-2:15 p.m. in 255ABC

Presented by:

Experience Level:

Some experience


Over the past several years, large-scale hacks triggered by compromised software supply chains have dominated the news. The aftermath has inspired the creation of new organizations, tools, and systems to help prevent and respond to similar lines of attack in the future.

In this talk, you'll learn about the insidious nature of supply chain attacks, common points of intrusion, and why the open source ecosystem is especially vulnerable. Next, you'll learn the basic concepts and terms involved in supply chain security, along with open source projects and frameworks you can apply to protect the integrity of your own software. Lastly, you'll learn ways to evaluate the supply chain security practices of the dependencies you rely on. You'll leave the talk understanding how supply chain attacks happen and why they're so difficult to detect, and you'll take away actionable solutions that leave you better prepared for the next wave of supply chain attacks.