
Security Debt in the Software Supply Chain & Malicious Packages in the age of AI

Hosted By
Steve G. and 3 others

Details

Welcome to the DevSecOps London Gathering – May Edition! Join us as Amanda Lee from Veracode unpacks key insights from their latest State of Software Security report, revealing how leading organisations are tackling third-party vulnerabilities, accelerating remediation, and using AI to stay ahead.

We’re also joined by Matt Salmon for a timely and eye-opening talk: Hallucinated Code, Real Threats, which explores how AI coding assistants are introducing a new class of risks through hallucinated packages and malicious recommendations. As attackers turn their attention to open-source ecosystems and prompt injection techniques, it’s not just about securing code - it’s about securing the coder.

Whether you’re focused on strategy, development, or defence, this session will offer fresh insights, practical takeaways, and a look at where our threat landscape is headed next.

🕕 6-8pm
📍Veracode, 36 Queen Street

The Talks
Security Debt in the Software Supply Chain Synopsis:
In an era where software development is accelerating rapidly, Veracode's latest research reveals a concerning trend: 50% of organisations are burdened by critical security debt, with 70% of these vulnerabilities originating from third-party code and the software supply chain. The average time to fix security flaws has increased to 8.5 months, marking a 47% rise over the past five years.

This session will delve into the key findings of the State of Software Security report, offering a comprehensive understanding of the current landscape. Amanda will explore the five critical metrics identified by Veracode that benchmark security maturity and what defines a ‘leading’ or a ‘lagging’ organisation.

Attendees will gain insights into:

  • The impact of third-party code on security debt and strategies to mitigate associated risks.
  • The importance of remediation speed, with fast-acting teams reducing critical security debt by up to 75%.
  • The role of AI in enhancing remediation efforts and addressing the backlog of security debt.
  • Practical recommendations for improving security posture, including enhancing visibility across the software development lifecycle and prioritising vulnerabilities effectively.

Join to learn how to assess your organization's security maturity, benchmark against industry leaders, and implement strategies to reduce security debt and enhance resilience in the face of evolving cybersecurity challenges.

Hallucinated Code, Real Threats: Malicious Packages in the Age of AI Synopsis:
As AI coding assistants rapidly gain adoption, they’re introducing a new and largely unguarded attack vector: hallucinated packages and malicious code recommendations. This talk unpacks recent research - including real-world, nation-state-attributed attacks - revealing how AI can unknowingly guide developers to introduce compromised dependencies.

With attackers now targeting developers through open-source ecosystems and prompt injection techniques, it's no longer just about securing code - it's about securing the coder.

Learn what these emerging threats look like and how to start building defences before they take root in your pipeline.

RSVP to join us!

Join the community:
Can't make it to the event? Keep up to date with our activities on LinkedIn & Twitter

DevSecOps - London Gathering
Veracode
36 Queen Street, London, EC4R 1BN
FREE