Overview
Explore a detailed 40-minute conference talk that dissects the notable xz-utils vulnerability and its implications for software security. Delve into the sophisticated social engineering attack that combined multiple techniques including maintainer takeover, obfuscated trigger code, and deceptive binary files masquerading as sample archives. Learn how this attack specifically targeted Linux distributions, affecting the broader software supply chain. Examine comprehensive analyses of the incident timeline, technical details of the malicious code, and the attack methodology. Gain insights into assessing similar risks in open-source repositories using tools like OpenSSF's Scorecard and Criticality Score. Understand potential future attack vectors in the software industry and discover strategies for mitigation and response to such security threats.
Syllabus
Analysis of and Lessons from the Xz-Utils Vulnerability – What Mig... - Taku Shimosawa & Atsuya Kato
Taught by
Linux Foundation