Open Source Supply Chain Threat Landscape - A Moving Target

Explore the evolving landscape of open source supply chain threats in this 31-minute conference talk by Brian Fox from Sonatype. Gain insights into the growing number of organized attackers exploiting vulnerabilities in open source ecosystems and their tactics to make malware appear legitimate. Learn about the cascading impacts of these exploitations and the importance of implementing developer-first security tools. Trace the evolution of attacks over the past 15 years, from old school vulnerabilities to modern sophisticated techniques targeting developers. Understand the economic motivations behind these attacks, including VC funding for attackers and the comparison to the global drug trade. Discover strategies to counter the latest types of attacks, including the importance of fixing open source vulnerabilities, implementing proper vulnerability analysis, and adopting factory Deming principles for security. Recognize the critical role of understanding your supply chain and empowering people to enhance security measures.