Supply Chain Security for OpenSource Projects

Devoxx via YouTube

Overview

Explore the critical topic of supply chain security for open-source projects in this 54-minute Devoxx conference talk. Delve into the increasing sophistication of attacks on the open-source value chain and learn essential steps to protect software development processes. Examine potential threats, classic attack points from source code to binary, and free tools for enhancing security. Gain insights into arming against cyber attacks, understanding the "SolarWinds Hack," and implementing strategic security measures. Discover the importance of application security testing, dependency management, and compliance. Learn about projects like Salsa and Persia, and get practical advice on implementing on-demand scanning and other protective measures. Equip yourself with the knowledge to safeguard your open-source projects against evolving cyber threats.

Syllabus

Intro
Overview
Solomons Hell
Supply Chain
Application Security Testing
Machine Good vs Bad
Dependencies
Compliance and Vulnerability
Vulnerability Lifecycle
Malicious Components
Mass Grading
Drawing Package
Internal Dependencies
Hijacking
Payloads
Source code
Homolog characters
Syntax highlighting
Biggest weapon in dependency management
SolarWinds was a disaster
What is an executive order
What do you need
Project Salsa
Project Persia
What to do now
On-demand scanning
Additional information
What can you do
Questions

Taught by

Devoxx
