Supply Chain Security for OpenSource Projects
Offered By: Devoxx via YouTube
Course Description
Overview
Explore the critical topic of supply chain security for open-source projects in this 54-minute Devoxx conference talk. Delve into the increasing sophistication of attacks on the open-source value chain and learn essential steps to protect software development processes. Examine potential threats, classic attack points from source code to binary, and free tools for enhancing security. Gain insights into arming against cyber attacks, understanding the "SolarWinds Hack," and implementing strategic security measures. Discover the importance of application security testing, dependency management, and compliance. Learn about projects like Salsa and Persia, and get practical advice on implementing on-demand scanning and other protective measures. Equip yourself with the knowledge to safeguard your open-source projects against evolving cyber threats.
Syllabus
Intro
Overview
Solomons Hell
Supply Chain
Application Security Testing
Machine Good vs Bad
Dependencies
Compliance and Vulnerability
Vulnerability Lifecycle
Malicious Components
Mass Grading
Drawing Package
Internal Dependencies
Hijacking
Payloads
Source code
Homolog characters
Syntax highlighting
Biggest weapon in dependency management
SolarWinds was a disaster
What is an executive order
What do you need
Project Salsa
Project Persia
What to do now
On-demand scanning
Additional information
What can you do
Questions
Taught by
Devoxx