How Much Do You Trust That Package? Understanding the Software Supply Chain

Offered By: linux.conf.au via YouTube

Tags

linux.conf.au Courses, Software Development Courses, Python Courses, Javascript Courses, Electron Courses, npm Courses, Risk Mitigation Courses, Software Supply Chain Security Courses

Course Description

Overview

Explore the critical issue of supply chain security in modern software development through this 16-minute conference talk from linux.conf.au. Delve into the history of the software supply chain, examine recent security incidents involving third-party modules, and understand the risks associated with rapid development practices. Learn about the challenges faced by maintainers, the impact of unmaintained packages, and the potential vulnerabilities in popular ecosystems like npm and PyPI. Discover practical strategies to mitigate risks, including best practices for package management, regular audits, and responsible upgrade procedures. Gain valuable insights to enhance the security of your software projects and better navigate the complex landscape of third-party dependencies.

Syllabus

Intro
The Supply Chain
Unavailability
Defects
Bugs
Package Availability
Lack of Maintenance
Breaking Into Your Code
Python Nation
Colorama
NPM
Ecosystem
Electron
JavaScript
Mitigating Risks
The Dam Maintainer
Upgrades and Updates
Auditing
Summary
Everything
Taught by

linux.conf.au

Related Courses

Hardening Your Soft Software Supply Chain
Pluralsight
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
Pluralsight
Securing Your Software Supply Chain with Sigstore
Linux Foundation via edX
GitHub Supply Chain Security Using GitGat
Linux Foundation via edX
Kyverno - Deep Dive - Tech Talks
Mirantis via YouTube