Explore the critical issue of supply chain security in the Java ecosystem through this conference talk from AppSecUSA 2017. Delve into the potential risks of trojaned binaries in open-source components, which make up 80% of modern software applications. Learn about an automated security pipeline created to detect malicious discrepancies between source code and binaries in Java libraries. Understand the importance of source-to-binary traceability and the challenges of identifying intentionally introduced vulnerabilities. Gain insights from Jeff Williams, CTO of Contrast Security, on the need for vigilance in trusting third-party code and the potential consequences of compromised popular components like Log4j or Apache Commons.
Supply Chain Anarchy - Trojaned Binaries in the Java Ecosystem
Overview
Syllabus
Supply Chain Anarchy - Trojaned Binaries in the Java Ecosystem - AppSecUSA 2017
Taught by
OWASP Foundation
Related Courses
-
Docker and Pyrsia - Securing the Software Supply Chain
-
Open Source Software Supply Chain Security - Understanding Threats and Best Practices
-
Fortify Your Code: Secure Your Supply Chain with Scorecard
-
![CNCF [Cloud Native Computing Foundation]](https://ccweb.imgix.net/https%3A%2F%2Fwww.classcentral.com%2Fimages%2Flogos%2Finstitutions%2Fcncf-cloud-native-computing-foundation-hz.png?auto=format&blur=200&h=40&ixlib=php-4.1.0&px=16&s=39a7386e89fe41aff1e1aa4e9df07aa2)
Untrusted Execution - Attacking the Cloud Native Supply Chain
-
Securing Your Supply Chain with an Open Source Ecosystem
-
Open Source Supply Chain Security for Enterprises
![CNCF [Cloud Native Computing Foundation]](https://ccweb.imgix.net/https%3A%2F%2Fwww.classcentral.com%2Fimages%2Flogos%2Finstitutions%2Fcncf-cloud-native-computing-foundation-hz.png?auto=format&h=40&ixlib=php-4.1.0&s=41ac519a3d7def6c705637a8ae3c06c4){kind=small}
