Overview
Explore the challenges and solutions for managing supply chain risk in the era of AI-assisted development in this 15-minute keynote address by Craig McLuckie, Co-founder and CEO of Stacklok. Delve into the potential security risks introduced by AI coding assistants like Duet AI, CodeWhisperer, and GitHub Copilot, including vulnerabilities to malware attacks and reliance on outdated or potentially malicious libraries. Learn about the importance of free and open-source tools that can be integrated into the software development lifecycle to enhance code security and vet external dependencies. Discover approaches for ensuring safe 'mergeability' of LLM-generated code based on best practices from successful open-source communities. Gain insights into projects like Sigstore that address proof of origin, a critical aspect in the evolving landscape of AI-supported development.
Syllabus
Keynote: Managing Supply Chain Risk in a World of AI Assisted Developers - Craig McLuckie
Taught by
Linux Foundation