Explore the critical issue of supply chain security in the Java ecosystem through this conference talk from AppSecUSA 2017. Delve into the potential risks of trojaned binaries in open-source components, which make up 80% of modern software applications. Learn about an automated security pipeline created to detect malicious discrepancies between source code and binaries in Java libraries. Understand the importance of source-to-binary traceability and the challenges of identifying intentionally introduced vulnerabilities. Gain insights from Jeff Williams, CTO of Contrast Security, on the need for vigilance in trusting third-party code and the potential consequences of compromised popular components like Log4j or Apache Commons.
Supply Chain Anarchy - Trojaned Binaries in the Java Ecosystem
Overview
Syllabus
Supply Chain Anarchy - Trojaned Binaries in the Java Ecosystem - AppSecUSA 2017
Taught by
OWASP Foundation
Related Courses
-
Docker and Pyrsia - Securing the Software Supply Chain
-
Open Source Software Supply Chain Security - Understanding Threats and Best Practices
-
Fortify Your Code: Secure Your Supply Chain with Scorecard
-
Untrusted Execution - Attacking the Cloud Native Supply Chain
-
Securing Your Supply Chain with an Open Source Ecosystem
-
Open Source Supply Chain Security for Enterprises
