Wednesday, September 15, 2021

OPEN TALK: Cybersecurity at a Global Scale: Addressing Next Generation Supply Chain Issues in Open Source Ecosystems
Join on Hopin
Sal Kimmich
Sal Kimmich
Sonatype, Developer Advocate

The landscape of cybersecurity is rapidly changing. Traditional, or “Legacy Attacks” used to target code downstream in open source code running in production, but the next generation of attacks is in manufacturing upstream Typo-squatting campaigns, Malicious Code Injection directly at source and Tool Tampering in development stream, all of which pose risks from the biggest corporations to the smallest hobbyist project as we all rely on the same open source ecosystems to do our work. The reality of the modern development landscape is that in a world of continuous integration and delivery, we have to start thinking about continuous security in open source security. This talk will describe the security taxonomy that offers the ability to detect, report and resolve vulnerability and malware attacks before they make their way into our applications, and to provide actionable recommendations when new vulnerabilities in distributions are surfaced in open source repositories.