Authors: Gal Weizman
2023-02-15

tldr - powered by Generative AI

The presentation looks at third-party security products that monitor or constrain a web application by overriding the behaviour of the JavaScript runtime (monkey patching), and argues that such products lack visibility into JavaScript realms, which undermines the security they claim to provide.
  • Third-party solutions can improve the security and visibility of JavaScript applications without changes to the application's own code.
  • They gain control over the application and its runtime by behavioural overriding (monkey patching): replacing built-ins and APIs on the global object with instrumented versions.
  • Such overrides only take effect in the realm they were installed in, so these solutions lack visibility into other realms, which affects the security they provide.
  • A realm is a separate global execution environment with its own global object and its own copies of the built-ins; a page can contain several of them (a same-origin iframe, for example, has one of its own), and code running in any of them sees unpatched built-ins.
  • Improving security and visibility in realms requires solutions that can discover the realms a page creates and extend their visibility into each of them.
Authors: Diego Rodriguez-Losada Gonzalez
2022-10-24

tldr - powered by Generative AI

Diego Rodriguez-Losada explains how Conan.io, an open-source package manager for C and C++, has kept its supply chain secure despite wide adoption.
  • Conan.io is an open-source package manager for C and C++ with over 11 million binaries built from user-submitted recipes.
  • Despite that adoption, Conan.io has had no security incident since its inception.
  • Conan.io maintains supply-chain security with automated quality checks, compiler security mitigations, package signing, a secure build pipeline, and a strict and efficient review process for contributions.
  • The project has received over 9,000 pull requests in the last two years and is maintained by a dedicated team of 10 people sponsored by JFrog.
  • Conan.io is becoming an important piece of the C++ ecosystem and therefore needs to be secure.
Authors: Vandana Verma, Steve Coochin
2021-09-25

tldr - powered by Generative AI

The presentation discusses the importance of secure development environments in the light of supply chain security incidents and of vulnerabilities in open source code and in containers.
  • Open source code makes up a significant portion of an organization's codebase, and new packages are published constantly, so the attack surface keeps growing and vulnerable or malicious dependencies lead to breaches.
  • Containerization keeps build and runtime dependencies separated from the host, but vulnerabilities still surface in containers: base images and the packages installed into them carry their own flaws.
  • Developers' integrated development environments, such as Visual Studio Code, and the extensions installed into them are also attack targets.
  • Secure development environments are crucial for protecting end users and call for a shift-left approach to security.
  • The presentation includes a demonstration of a vulnerability in the Instant Markdown plugin for Visual Studio Code.