Infosec In the City (IIC)
SINCON 2021 Conference — Open Source Supply Chain — by Steve Boone
Updated: Nov 2, 2021
SINCON 2021 Conference — Insights Talk
Day 1 (05 Nov 2021) 11.30am—12.00pm @ Main Stage
Open Source Supply Chain: Modern Approaches for Modern Problems
There are a number of new supply chain attacks that are becoming more prevalent within the software industry. In this talk, we will briefly discuss a high-level understanding of what a supply chain attack looks like within a software organisation, and then we will drill down into specific examples of attacks and ways to prevent them. Among the types of attacks we will cover are dependency confusion, typosquatting, artefact repository poisoning, and manifest attacks. This talk will provide examples of each type of attack, as well as best practices for identifying and preventing these types of attacks from happening in your own organisation.
About Steven Boone
Over the last decade, Steve Boone has helped hundreds of global clients with their strategic adoption of secure DevOps best practices. A frequent speaker at DevOps Enterprise Summit and DevOps World, Steve has shared his expertise on Secure Continuous Delivery, Value Stream Management, and Agile best practices. Today, Steve is the Head of Product Management at Checkmarx, where his focus is on helping customers solve modern application security problems for open source and APIs.