Breakout Session
1:07 PM - 1:37 PM (EST)
Open Source Supply Chain Threat Landscape, a Moving Target

There are growing numbers of organized attackers whose sole focus is exploiting vulnerabilities in open source ecosystems, frequently by making their malware appear legitimate. Security and development teams need to understand the cascading impacts and changing landscapes of these exploitations and put developer-first security tools in the hands of developers everywhere. Brian Fox, CEO of Sonatype, leads this breakout session to explore how attacks have evolved over the last 15 years and provide a framework to mature your process and counter the latest types of attacks. Everyone involved in the creation or consumption of open source components needs to recognize how the attacks have evolved and how to structure their supply chain and application security to deal with modern threats. As our ecosystem continues to come under attack, many knee-jerk reactions from outside parties are being imposed on us. The better informed and prepared we all are on this topic, the more we can control our own destiny and avoid undue regulations and the negative impacts of further attacks.

Brian Fox