YoVDO

Security Concerns in Every Stage of the Software Supply Chain

Offered By: Conf42 via YouTube

Tags

Software Supply Chain Security Courses, DevOps Courses, Vulnerability Management Courses, Container Security Courses, OpenSSF Courses

Course Description

Overview

Explore security concerns throughout the software supply chain in this 36-minute conference talk from Conf42 DevOps 2024. Delve into topics such as security through obfuscation, the MOVEit Transfer vulnerability, and the importance of developer education in coding safely. Examine software dependencies, including the Synopsys 2023 OSSRA report findings and Supply-chain Levels for Software Artifacts (SLSA). Learn about dependency confusion attacks, package mining, and the infamous left-pad incident. Investigate container development challenges and discover hope through OWASP resources, OpenSSF courses, and actionable steps to improve security practices. Gain valuable insights to address vulnerabilities and strengthen your software development process from start to finish.

Syllabus

intro
preamble
background - melissa mckay
jfrog & nginx series
security through obfuscation
moveit transfer vulnerability progress
owasp joke essay
coding safely: developer education
software dependencies
synopsys 2023 ossra report cyrc findings from 2022
supply-chain levels for software artifacts
dependency confusion attack - package mining
managing open source dependencies
the left-pad incident
container development
is there any hope???
what else can we do?
owasp resources cheat sheets
openssf trio of free courses
what can we do???
questions?


Taught by

Conf42

Related Courses

The Foundations of Cybersecurity
University System of Georgia via Coursera
Introduction to Cybersecurity
SecurityScoreCard via Udacity
TOTAL: CompTIA CySA+ Cybersecurity Analyst (CS0-003)
Udemy
Fundamentals of Internet Security | Secure Your Environment
Udemy
Ciberseguridad en linea
Udemy