Weaponizing NPM Packages for Protest and Malware

Join us in this exclusive Cloud Native Computing Switzerland event with Liran Tal, Director Developer Advocacy at Snyk, on Thursday May 19th, 18:00 CEST at VSHN!

Open-source software is ubiquitous and no one is short of npm modules, but that also makes them a prime target for attackers and a genuine risk to developers and governments alike. Whether the mission is espionage, cryptocurrency heist, or protesting against capitalism and war, open-source software is being actively weaponized and we’re all potential targets. In this session, Liran will share details on recent headline incidents such as node-ipc, colors, faker, and the impact on supply chain security, as well as what you can do to minimize the risk. After the talk, we'll run a live Q&A session. Join us!

Liran Tal is a software developer, and a GitHub Star, world-recognized for his activism in open source communities and advancing web and Node.js security. He engages in security research through his work in the OpenJS Foundation and the Node.js ecosystem security working group and further promotes open-source supply chain security as an OWASP project lead. Liran is also a published author of Essential Node.js Security and O'Reilly's Serverless Security. At Snyk, he is leading the developer advocacy team and on a mission to empower developers with better dev-first security.

The event will be livestreamed, recorded, and made available later on VSHN's YouTube channel: https://vshn.tv – subscribe to be notified of updates! The actual URL of the livestream will be:
https://youtu.be/rWvBMNmwWEI

And follow us on Twitter, Facebook, and LinkedIn!

We expect all participants to abide by VSHN's Conference Code of Conduct: https://www.vshn.ch/en/code-of-conduct/

If you would like to talk about your cloud-native projects in the CNC Switzerland meetup events, just send us your talk suggestion here: https://cnc-meetup.ch – we look forward to hearing from you!