Managing Supply Chain Risk in a World of AI-Assisted Developers

Explore the challenges and solutions for managing supply chain risk in the era of AI-assisted development in this 15-minute keynote address by Craig McLuckie, Co-founder and CEO of Stacklok. Delve into the potential security risks introduced by AI coding assistants like Duet AI, CodeWhisperer, and GitHub Copilot, including vulnerabilities to malware attacks and reliance on outdated or potentially malicious libraries. Learn about the importance of free and open-source tools that can be integrated into the software development lifecycle to enhance code security and vet external dependencies. Discover approaches for ensuring safe 'mergeability' of LLM-generated code based on best practices from successful open-source communities. Gain insights into projects like SigStore that address proof of origin, a critical aspect in the evolving landscape of AI-supported development.

Keynote: Managing Supply Chain Risk in a World of AI Assisted Developers - Craig McLuckie