While commercial supply chain attacks are becoming more manageable, security teams have a much harder time with open-source software supply chains. This session will provide an attacker's perspective of open-source flows and flaws and dive into several unique supply chain weaknesses. Demos will show the ease of conducting different attacks and provide a perspective on defeating them as defenders.

Cybersecurity incidents are among the greatest threats facing organizations today. This event, held in partnership with OpenSSF and CNCF, gathers security practitioners, open source developers, and others interested in software supply chain security to; explore the security threats affecting the software supply chain, share best practices and mitigation tactics and Increase knowledge about how to best secure open source software.



Sponsored Session: The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack

Conference: SupplyChainSecurityCon 2022

Authors: Jossef Harush Kadouri

Abstract

Post a comment

Related work

The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack

Untrusted Execution: Attacking the Cloud Native Supply Chain

Web Cache Entanglement: Novel Pathways to Poisoning

Image Signing and Runtime Verification at Scale: Datadog's Journey

Picking Lockfiles: Attacking & Defending Your Supply Chain

Defending against chained attacks on your SSO/OAuth identity system