
Why You Should Care About Open Source Supply Chain Security

Offered By: PyCon US via YouTube

Tags

PyCon US Courses, Software Development Courses, Cybersecurity Courses, Supply Chain Attacks Courses

Course Description

Overview

Explore the critical importance of open source supply chain security in this PyCon US talk. Delve into the nature of supply chain attacks, their impact on open source ecosystems, and common intrusion points. Learn essential concepts and terminology in supply chain security, discover open source projects and frameworks for protecting software integrity, and gain insights on evaluating the security practices of dependencies. Understand the mechanics of supply chain attacks, their detection challenges, and acquire actionable solutions to prepare for future threats. Examine unauthorized changes, compromised repositories, modified builds, and package vulnerabilities. Investigate risk evaluation methods, transitive dependencies, and the latest developments in the field. Conclude with a call to support open source initiatives for a more secure software ecosystem.

Syllabus

Intro
OPEN SOURCE SUPPLY CHAIN SECURITY (AND WHY YOU SHOULD CARE)
OVERVIEW
AFFECTING OPEN SOURCE ECOSYSTEMS
UNAUTHORIZED CHANGES
COMPROMISED SOURCE REPO
BUILD FROM MODIFIED SOURCE
COMPROMISED BUILD PROCESS
USE COMPROMISED DEPENDENCY
UPLOAD MODIFIED PACKAGE
COMPROMISE PACKAGE REPO
USE COMPROMISED PACKAGE
WHAT QUESTIONS MIGHT WE WANT TO ANSWER?
TERMINOLOGY
SIGSTORE
SLSA EXPLAINED
SLSA 1.0
EVALUATING RISKS
TRANSITIVE DEPENDENCIES
WHAT'S THE LATEST AND GREATEST?
SUPPORT OPEN SOURCE
Taught by

PyCon US

Related Courses

Supply Chain Cybersecurity: Preventing Supply Chain Attacks
LinkedIn Learning
Hardening Your Soft Software Supply Chain
Pluralsight
1-Click to Infiltrate Your Organization via Vulnerable VS Code Extensions
Ekoparty Security Conference via YouTube
Adding Security for Reliable Continuous Delivery
Conf42 via YouTube
3CX Supply Chain Attack: Lessons Learned
LASCON via YouTube