Every risk is not a CVE - Bolster up against software supply chain attacks

Name: Every risk is not a CVE - Bolster up against software supply chain attacks
Start: 2023-11-16T18:00:00-05:00
End: 2023-11-16T20:00:00-05:00
Location: Improving

Hosted By

Bill S. and 3 others

Every risk is not a CVE - Bolster up against software supply chain attacks

Details

3rd party and open source software components are both desired and indispensable ingredients used throughout the development lifecycle, but their consumption comes with considerable security risks, both for the developer herself and her downstream users. The rise of corresponding security incidents demonstrates that adversaries discovered those attack vectors as a viable and scalable attack pattern.

We will present a comprehensive, comprehensible and technology-agnostic taxonomy of attack vectors, created on the basis of hundreds of real-world incidents, and validated by experts in the domain. An interactive visualization of this taxonomy, available as open source itself, will be demoed throughout the talk to explain different techniques at the disposal of attackers, supported by real-world examples.

Mantium AI will be providing snax.

COVID-19 safety measures

Event will be indoors

The event host is instituting the above safety measures for this event. Meetup is not responsible for ensuring, and will not independently verify, that these precautions are followed.

Events in Columbus, OH Application Security OWASP

Computer Security Web Security Information Security