Overview
Explore the critical issue of software supply chain compromises in this 30-minute Black Hat conference talk. Delve into the emergence of these attacks, examining high-profile enterprise security incidents and their common origins. Gain insights into the factors motivating attackers to adopt this approach and learn practical risk mitigation strategies for enterprises. Analyze case studies like Handbrake and NotPetia, understand the system of supply chain attacks, and explore software diversity metrics. Discover trends, patterns, and challenges in detection, including the role of Homebrew. Engage with tabletop scenarios and data provider considerations to enhance your organization's response capabilities. Equip yourself with valuable knowledge to defend against this evolving threat landscape in the software industry.
Syllabus
Introduction
Handbrake and NotPetia
System of Supply Chain Attacks
Whats driving these attacks
How attackers adapt
Software diversity
Software diversity metrics
How do security teams cope
Trends and patterns
Challenges with detection
Homebrew
How do we respond
Tabletop scenarios
Data providers
Summary
Taught by
Black Hat