What we’re about
The greater Washington DC area's oldest and largest java user group, established in the mid 90's golden era of Java and going strong to this day! We focus on anything of interest to Java developers, from Web Development to Big Data. We host the annual DevIgnition conference focusing on the interests of the DC area's Java community.
For meetings that feature Big Data topics we will also be known as Data Driven DC. Data Driven DC runs the annual BigConf data conference. We will post Big Data videos on our Data Driven DC Vimeo channel.
Upcoming events (1)See all
- The Dark Side of Open Source ProductivitySolution Street, Herndon, VA
Event opens at 6 PM, presentation begins at 7 PM.
Many thanks to Solution Street for hosting this meetup!
Matt Brown will present "The Dark Side of Open Source Productivity".
There is a dark side to productivity with open source. In modern applications, the majority of code on which an application is built isn’t code written by your team. Modern applications are built on the backs of volunteer communities and open-source software. These volunteers and their software delivery practices all become potential attack vectors.
The truth is that most organizations do not factor open-source supply chain attacks into their organization’s threat models today. Security incidents such as the CodeCov bash uploader script, the npm colors, and faker intentionally introduced malicious commits, and the recent PyPi backdoors targeting AWS credentials highlight the impact of supply chain attacks as a scalable attack pattern.
To spread awareness on supply chain attacks so that organizations can scalably handle them we propose baking supply chain attacks into existing threat modeling procedures and software development culture so that organizations can champion supply chain management of open source in the places where they are most impactful, at development time.
We will present a comprehensive, comprehensible, and technology-agnostic taxonomy of attack vectors, created on the basis of hundreds of real-world incidents and validated by experts in the domain.
Following, we will discuss the types of defenses you can put in place to detect and respond to such modern day attacks and how you can work these defenses in based on your program’s maturity.