A good attacker will target the most vulnerable part of a software system. In the past, this has been application flaws, hardware bugs, or misconfigurations.

As the industry has evolved to detect and prevent these errors, attackers have moved to newer targets: your dependencies. Instead of attempting to execute a complex attack directly against a target, attackers are injecting malicious code into popular downstream transitive dependencies. Without proper controls, victims quickly inherit this malicious code into their software systems which can lead to a total system compromise.

This talk dives into the problem of software supply chain security and presents some ideas for addressing the problem.

Speaker

Paweł Skrzypek: experienced architect of IT solutions, in particular in the field of processing large data sets and machine learning solutions. In the years 2006 - 2015 he co-created the

Speaker

Alicja Reniewicz is a technical leader of the MELODIC development team and full stack developer (in technologies related to web applications: Java, Spring, Angular), code integration and