Event Date: Tue Aug 8 PDT
Location: TBA, Las Vegas Nevada, USA
Region: Americas
The open-source ecosystem is the lifeblood and starting point of every software supply chain. Packages are downloaded hundreds of thousands of times a day and used in all types of software around the globe. As threat actors increasingly execute more attacks via the open-source software ecosystem, clear gaps have emerged in modern application security.
While most organizations are focused on threats from critical vulnerabilities, attackers have moved on to new, more effective tactics that directly target developers. Even with tools like software composition analysis (SCA), security analytics, endpoint protections and private repositories in place, developers can still easily install open-source packages with malicious code that triggers on install to steal secrets and install backdoors. Developers are responsible for innovation, have the AWS, SSH and GPG keys, often the signing keys, and unfettered access to build infrastructure and source code version control systems. This makes them the new high-value targets, and the open-source ecosystem is the new perimeter.
2023 Speakers
MODERATOR:
Tom Field
SVP, Editorial ISMG
Pete Morgan
Co-Founder and CSO, Phylum