OWASP LA Monthly In-Person Meeting - FEB 22, 2023

Details
TOPIC: Every Risk is Not a CVE: Bolster up Against Software Supply Chain Attacks
Join us for great networking, dinner and drinks, and see a presentation by Jamie Scott, Product Manager.
ABSTRACT: Third-party and open source software components are both desired and indispensable ingredients used throughout the development lifecycle, but their consumption comes with considerable security risks, both for the developer herself and for her downstream users. The rise in corresponding security incidents demonstrates that adversaries have discovered these attack vectors to be a viable and scalable attack pattern.
We will present a comprehensive, comprehensible and technology-agnostic taxonomy of attack vectors, created on the basis of hundreds of real-world incidents, and validated by experts in the domain. An interactive visualization of this taxonomy, available as open source itself, will be demoed throughout the talk to explain different techniques at the disposal of attackers, supported by real-world examples.
Following that, we will discuss the types of defenses you can put in place to detect and respond to such modern-day attacks.
Thanks to our Sponsor: Endor Labs
Endor Labs’ Dependency Lifecycle Management Platform is designed to address the weakest link in software supply chain security: the ungoverned sprawl of open source software in the enterprise. Endor Labs’ mission is to help developers spend less time dealing with security issues and more time accelerating development through safe code reuse. With this solution, development and security teams are able to maximize software reuse by safely evaluating, maintaining, and updating dependencies at scale.
Vendors interested in sponsoring send an email to sponsorship.la@owasp.org