Lessons Learned from Securing 40,000 C++ Packages with Conan.io

Explore the critical insights on supply chain security in this 31-minute conference talk by Diego Rodriguez-Losada Gonzalez, co-creator of Conan.io. Discover how the open-source package manager for C and C++ has maintained zero security incidents while managing over 11 million binaries and processing more than 9000 pull requests in two years. Learn about the implementation of automated quality checks, compiler security mitigations, package signing, and a secure build pipeline. Gain valuable knowledge on establishing an efficient and strict review process to safeguard against potential security threats in package repositories.