Overview
Explore 13 real-world threats to open source components and their potential impact on downstream developers in this 51-minute conference talk by Adrian Diglio from Microsoft. Gain insights into the growing importance of open source security, with over 90% of software industry-wide depending on open source components and attacks targeting these components increasing exponentially year over year. Learn how these threats can compromise developer identities and DevOps infrastructure, emphasizing the need for a comprehensive security strategy. Discover how the OpenSSF's Secure Supply Chain Consumption Framework (S2C2F) can assist development teams and organizations in modernizing their DevSecOps practices to mitigate each of the discussed threats.
Syllabus
OSS Supply Chain Threats and Why You Need a Holistic Security Strategy - Adrian Diglio, Microsoft
Taught by
Linux Foundation