Conference:  Defcon 31

Authors: Cory Doctorow

2023-08-01

The enshittification of the internet follows a predictable trajectory: first, platforms are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die. It doesn't have to be this way. Enshittification occurs when companies gobble each other up in an orgy of mergers and acquisitions, reducing the internet to "five giant websites filled with screenshots of text from the other four" (credit to Tom Eastman!), which lets them endlessly tweak their back-ends to continue to shift value from users and business-customers to themselves. The government gets in on the act by banning tweaking by users - reverse-engineering, scraping, bots and other user-side self-help measures - leaving users helpless before the march of enshittification. We don't have to accept this! Disenshittifying the internet will require antitrust, limits on corporate tweaking - through privacy laws and other protections - and aggressive self-help measures from alternative app stores to ad blockers and beyond!

Conference:  SupplyChainSecurityCon 2022

Authors: Jory Burson, Andrew Aitken, Jeffrey Borek, Rao Lakkakula

2022-06-21

The importance of software supply chain security and the need for organizations to prioritize knowledge and training in analyzing S-bombs.

• Encouraging younger developers to get involved in software supply chain security
• Creating a database to share and compare S-bombs
• Training people to review and analyze S-bombs
• Procurement as a gatekeeper to S-bomb adoption
• The OpenCRE project as a way to develop a common format for regulations and standards
• The importance of developing a constituency within an organization to address software supply chain security