Supply Chain Security for OpenSource Projects, with Sven Ruppert


Details
(English version and session details below)
Hello JUGgers, we are back with a very special session. We will talk about security in software development and the impact of using open source, with a great expert on the subject and an old friend of MálagaJUG, Sven Ruppert!
Sven is a developer advocate at JFrog, and if you follow him on social media or YouTube, you already know that he continually shares very interesting content about Java, Kotlin, Dev(Sec)Ops and cybersecurity/cyberdefense in general.
We would love it if you joined us at this in-person event to give Sven the warm welcome he deserves.
Many thanks to Accenture for hosting us at their facilities in Málaga TechPark.
Sven's profile and the session details follow below, in English.
-----
Hello JUGgers, we are back with a very special session. We will talk about security in software development and the impact of the use of open source software in today's software supply chains with a superb subject-matter expert and old friend of MálagaJUG, Sven Ruppert!
We would love it if you joined us at this face-to-face event to warmly welcome Sven.
Many thanks to Accenture for hosting us in their office in Málaga TechPark.
About the speaker:
Sven is a developer advocate at JFrog. Before joining JFrog, he spent almost 20 years as a consultant worldwide in the automotive, aerospace, insurance and banking sectors, and for the UN and the World Bank. For nearly ten years, Sven has been giving lectures at international conferences and regularly publishing online and in classic magazines and books. As a developer advocate for JFrog, Sven deals with DevSecOps, cybersecurity and cyberdefense, as well as traditional developer topics such as Core Java/Kotlin, mutation testing, and distributed unit testing.
About the talk:
Attacks on the open-source value chain (the OSS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on at the beginning? This, of course, raises the question of suitable methods and tools. At the same time, the company's strategic orientation must be included in this security strategy.
In the recent past, we have also learned that attacks such as the "SolarWinds hack" are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.
We deal with the following questions:
First, what potential threats are there in general?
Second, what are classic attack points in software development from the source code to binary?
Third, what free tools are there, and where should they be used?
Finally, how can I arm myself against the challenges of cyber attacks today?