[REMOTE] Do you trust your NuGet packages?
Details
This is the event page for people who join via the stream.
If you join the event in-person, please RSVP here:
https://www.meetup.com/dotnet-austria/events/311363562
This meetup is organized by DotNetDevs.at (https://dotnetdevs.at/).
Abstract:
For over 14 years, modern .NET development has heavily relied on NuGet packages. But with this convenience comes risk. While supply chain attacks via packages are less frequent in the .NET ecosystem than in the JavaScript world, it is only a matter of time before we face a serious incident.
NuGet and .NET offer features that improve developer productivity — but in the wrong combinations, other features can be abused to execute malicious code during something as simple as a package restore. Understanding these inner workings is key to protecting your applications.
In this talk, you’ll learn how to critically evaluate NuGet packages, identify potential risks, and decide whether they deserve your trust.
Andreas "SabotageAndi" Willich, Team Lead & Senior Software Developer at TechTalk and Chairman of DotNetDevs.at, will share practical insights to help your team safeguard its development loop. After this talk, you will never look at NuGet packages the same way again.
Timetable:
- 18:00: Stream starts at https://www.twitch.tv/dotnetdevsat or https://www.youtube.com/c/DotNetDevsAustria
- 18:30: Intro
- 18:35: Talk starts
- about 19:30: End
Recordings will be available afterward at https://go.dotnetdevs.at/recordings
DotNetDevs.at is sponsored by
- RUBICON IT GmbH (https://www.rubicon.eu/rubicon/)
- JetBrains (https://jetbrains.com)