The Evolution of the Software Supply Chain Attack

Ilkka Turunen at DevSecCon24 2020

Malicious hackers are becoming increasingly adept at attacking the underbelly of the Software Supply Chain. To cause the most damage whilst remaining undetected, hackers are rapidly evolving their attack methods.

For the past four years, the State of the Software Supply Chain Report has documented multiple forms of Open Source Software (OSS) Supply Chain attacks, including malicious code injection, stealing project credentials, and typosquatting. However, recent reports (March 9th) have surfaced a new type of Software Supply Chain attack. So far, the Octopus Scanner malware, which targets a well-known IDE, has compromised 26 open source projects hosted on GitHub.

Join Ilkka as he shares the proprietary research gathered from 36,000 OSS projects and over 5,000 development teams. Ilkka will walk through how hackers are becoming increasingly successful at breaching Software Supply Chains and what you can do about it.

Ilkka Turunen
Global Director, Pre-sales Engineering at Sonatype

Ilkka’s background is in software and systems engineering, where he has acted as an architect for several commercial projects. He has helped define everything from software design to web-scale infrastructure architectures, and he regularly works with companies across the world to understand and improve their software supply chains and continuous delivery pipelines.