While commercial supply chain attacks are becoming more manageable, security teams have a much harder time with open-source software supply chains. This session will provide an attacker's perspective of open-source flows and flaws and dive into several unique supply chain weaknesses. Demos will show the ease of conducting different attacks and provide a perspective on defeating them as defenders.


RSA® Conference, the world’s leading information security conferences and expositions, today concluded its 31st annual event at the Moscone Center in San Francisco. The year’s event attracted over 26,000 attendees, including 600+ speakers, 400+ exhibitors, and over 400 members of the media. Throughout the week, attendees networked on the expo floor and participated in keynote presentations, track sessions, tutorials, seminars, and special events.

Several of the most pressing topics discussed during this year’s Conference included issues surrounding privacy and surveillance, the positive and negative impacts of machine learning and artificial intelligence, the nuances of risk and policy, and cybersecurity-focused innovations across crypto and blockchain.

The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack

Conference: RSA Conference 2022

Abstract

Post a comment

Related work

Sponsored Session: The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack

Untrusted Execution: Attacking the Cloud Native Supply Chain

Web Cache Entanglement: Novel Pathways to Poisoning

Image Signing and Runtime Verification at Scale: Datadog's Journey

Picking Lockfiles: Attacking & Defending Your Supply Chain

Defending against chained attacks on your SSO/OAuth identity system