Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

How Much Do You Trust That Package? Understanding the Software Supply Chain

linux.conf.au via YouTube

Overview

Explore the critical issue of supply chain security in modern software development through this 16-minute conference talk from linux.conf.au. Delve into the history of the software supply chain, examine recent security incidents involving third-party modules, and understand the risks associated with rapid development practices. Learn about the challenges faced by maintainers, the impact of unmaintained packages, and the potential vulnerabilities in popular ecosystems like npm and PyPI. Discover practical strategies to mitigate risks, including best practices for package management, regular audits, and responsible upgrade procedures. Gain valuable insights to enhance the security of your software projects and better navigate the complex landscape of third-party dependencies.

Syllabus

Intro
The Supply Chain
Unavailability
Defects
Bugs
Package Availability
Lack of Maintenance
Breaking Into Your Code
Python Nation
Colorama
NPM
Ecosystem
Electron
JavaScript
Mitigating Risks
The Dam Maintainer
Upgrades and Updates
Auditing
Summary
Everything

Taught by

linux.conf.au

Reviews

Start your review of How Much Do You Trust That Package? Understanding the Software Supply Chain

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.