Every Risk is Not a CVE: Bolster up Against Software Supply Chain Attacks
Details
NOTE: IN-PERSON EVENT
Abstract:
Third-party and open source software components are both desirable and indispensable ingredients used throughout the development lifecycle, but consuming them comes with considerable security risks, both for the developer herself and for her downstream users. The rise of corresponding security incidents demonstrates that adversaries have discovered these attack vectors as a viable and scalable attack pattern.
I will present a comprehensive, comprehensible and technology-agnostic taxonomy of attack vectors, created on the basis of hundreds of real-world incidents and validated by experts in the domain. An interactive visualization of this taxonomy, itself available as open source, will be demoed throughout the talk to explain the different techniques at the disposal of attackers, supported by real-world examples.
Following that, I will discuss the types of defenses you can put in place to detect and respond to such modern-day attacks.
### Code of Conduct
We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback or concerns or would like to speak to us; we take these matters very seriously. You can find out more about our policies here:
https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy
### Sponsorship
Vendors who are interested in sponsoring OWASP OC monthly meetings should send an email to orange-county-leaders@owasp.org
Thanks to our Sponsor: Endor Labs
Endor Labs’ Dependency Lifecycle Management Platform is designed to address the weakest link in software supply chain security: the ungoverned sprawl of open source software in the enterprise. Endor Labs’ mission is to help developers spend less time dealing with security issues and more time accelerating development through safe code reuse. With this solution, development and security teams are able to maximize software reuse by safely evaluating, maintaining, and updating dependencies at scale.
### Schedule
6:00 pm - Dinner & Networking, food and drink provided
6:30 pm - Presentation
7:30 pm - Raffle and more networking