
The threat is real: software supply chain vulnerabilities

Maya Kaczorowski at All The Talks 2020 - DevOps

Software supply chain threats are real! As more developers and companies rely on open-source code that anyone can contribute to, including attackers, this opens the door to a new attack vector. Supply chain compromises are increasing, and they succeed by sneaking in new backdoored packages, using typosquatting, or even compromising build tooling and signing keys. What's actually happening in the wild, how do you identify your dependencies, and how do you properly secure yourself?


We’ll cover common kinds of supply chain attacks and when they’re likely to happen. We'll dive into specific examples from the last few years to understand how and why these attacks happen, and summarize overall trends in the industry. We'll close by discussing what developers can do to identify their dependencies and be notified of new security patches they should apply, including best practices that make this easier on a dev team. We’ll also cover how to contribute back, such as how you should report vulnerabilities you discover in open-source software.
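
As a concrete illustration of two of the points above, identifying what you depend on and catching typosquatted names before they are installed, here is a small Python audit script. It is an added example, not code from the talk or from GitHub; the requirements file it reads is constructed inline, and the allowlist of "popular" package names (POPULAR) is an illustrative assumption standing in for whatever list of known-good packages your organization maintains. It parses a pip requirements file, flags dependencies that are not pinned to an exact version, and flags names that are within one edit (including an adjacent-character swap) of a known package without being that package.

```python
"""Dependency inventory with pin and typosquat checks.

Added example, not code from the talk. The requirements text and the
POPULAR allowlist are constructed for illustration.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample requirements file: one comment, two exact pins,
# two unpinned entries, and one name one edit away from "requests".
SAMPLE_REQUIREMENTS = """\
# constructed sample, not a real project's requirements
requests==2.31.0
urllib3>=1.26
reqeusts==2.31.0
Django == 4.2.7
pyyaml
"""

# Assumed allowlist of well-known package names (illustrative only).
POPULAR = {"requests", "urllib3", "django", "pyyaml", "numpy", "cryptography"}

# name[extras] <operator> version  (environment markers and comments are stripped first)
_REQ_LINE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]*)"
)


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-insensitive, runs of -_. collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> List[Dict[str, str]]:
    """Return one record per dependency line: normalized name, operator, version."""
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and pip options such as -r / --hash
            continue
        match = _REQ_LINE.match(line)
        if not match:
            continue
        name, op, version = match.groups()
        deps.append({"name": normalize(name), "op": op or "", "version": version})
    return deps


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or swap two adjacent characters."""
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[la][lb]


def audit(text: str, popular=POPULAR, max_distance: int = 1) -> List[Tuple[str, str, str]]:
    """Return (name, finding_kind, detail) for every dependency that needs a look."""
    findings = []
    for dep in parse_requirements(text):
        name = dep["name"]
        if dep["op"] != "==":
            findings.append((name, "unpinned",
                             f"spec '{dep['op']}{dep['version']}' lets a newer release slip in"))
        if name not in popular:
            lookalikes = sorted(p for p in popular if edit_distance(name, p) <= max_distance)
            if lookalikes:
                findings.append((name, "typosquat-candidate",
                                 f"not on the allowlist but within {max_distance} edit of {lookalikes}"))
    return findings


if __name__ == "__main__":
    for name, kind, detail in audit(SAMPLE_REQUIREMENTS):
        print(f"{kind:22} {name:12} {detail}")
```

On the constructed input this reports urllib3 and pyyaml as unpinned and reqeusts as a typosquat candidate for requests; requests and Django pass. An exact pin is only half the story in practice (pair it with hash checking so the pinned artifact itself cannot be swapped), and the edit-distance heuristic is a triage signal, not proof: a hit means a human should confirm the package is the one they meant to install.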


You’ll come away with a better understanding of what you can do for supply chain security for your organization.

Maya Kaczorowski
Product Manager, Software Supply Chain Security
Maya is a Product Manager at GitHub in software supply chain security. She was previously in Security & Privacy at Google, focused on container security, and encryption at rest and encryption key management. Prior to Google, she was an Engagement Manager at McKinsey & Company, working in IT security for large enterprises. Maya completed her Master's in mathematics focusing on cryptography and game theory. Outside of work, she is passionate about ice cream, puzzling, running, and reading nonfiction.