Managing the Risk of Software Supply Chain Attacks

Wednesday, 30 October, 2024 - 16:00-16:40 GMT

Mark Hahn, Qualys

Abstract: 

Open-source software (OSS) is flourishing and is used by at least 90% of companies. Modern applications are built on webs of open-source code, APIs, and third-party integrations.

Because of this, attackers now compromise the weak links in existing software supply chains. Software supply chain (SSC) threats include tampering with updates (tainted updates), compromised third-party libraries, vulnerabilities in open-source packages, and malicious code or malware in packages. Software supply chain attacks have been increasing by an average of 742% per year.

This talk covers ways to prevent software supply chain attacks and how to respond when the ecosystem has been tainted.
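One concrete defence against the tainted-update case named above is to install only artifacts whose digest matches a hash pinned in a lockfile, which is what `pip install --require-hashes -r requirements.txt` enforces. The script below is an added example written for this page, not code from the talk or from Qualys; it re-implements that check in plain Python so the behaviour is visible: a lockfile in pip's `--hash=sha256:` format is parsed, each "downloaded" artifact is accepted only if its SHA-256 matches a pinned digest, and a requirement with no hash is refused rather than silently installed. The package names, lockfile text and artifact bytes are constructed for illustration.

```python
"""Hash-pinned dependency verification (added example, not from the talk).

Mirrors what pip does under --require-hashes: every requirement must carry
one or more --hash=sha256:<hex> options, and a downloaded artifact is
installed only if its digest matches one of them. A "tainted update" that
ships different bytes under the same version number therefore fails closed.
"""
import hashlib
import hmac
import re
from typing import Dict, List

# Constructed stand-ins for the bytes of downloaded wheels (not real packages).
GENUINE: Dict[str, bytes] = {
    "requests": b"constructed contents of requests-2.32.3 wheel",
    "urllib3": b"constructed contents of urllib3-2.2.2 wheel",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed lockfile in pip's requirements format. In practice it comes from
# `pip-compile --generate-hashes` or `pip hash`; here the digests are derived
# from the constructed artifacts above. The last entry deliberately has no hash.
LOCKFILE = (
    "requests==2.32.3 \\\n"
    f"    --hash=sha256:{sha256_hex(GENUINE['requests'])}\n"
    "urllib3==2.2.2 \\\n"
    f"    --hash=sha256:{sha256_hex(GENUINE['urllib3'])}\n"
    "leftpad-py==1.0.0\n"
)

REQ_LINE = re.compile(r"^([A-Za-z0-9_.-]+)==([^\s\\]+)")
HASH_OPT = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def parse_lockfile(text: str) -> Dict[str, List[str]]:
    """Return {package: [allowed sha256 digests]} from a hashed lockfile.

    Backslash line continuations are joined first, as pip does, so the
    --hash options end up on the same logical line as the requirement.
    """
    joined = text.replace("\\\n", " ")
    pinned: Dict[str, List[str]] = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = REQ_LINE.match(line)
        if not m:
            raise ValueError(f"unpinned or malformed requirement: {line!r}")
        pinned[m.group(1).lower()] = HASH_OPT.findall(line)
    return pinned


def verify_artifact(name: str, data: bytes, pinned: Dict[str, List[str]]) -> bool:
    """True if the artifact's SHA-256 matches a pinned digest for `name`.

    Raises ValueError when the package has no pinned hash at all: under
    --require-hashes a single unhashed requirement aborts the whole install.
    """
    allowed = pinned.get(name.lower())
    if not allowed:
        raise ValueError(f"{name}: no pinned hash; refusing to install")
    digest = sha256_hex(data)
    return any(hmac.compare_digest(digest, h) for h in allowed)


def verify_downloads(downloads: Dict[str, bytes], lockfile: str) -> Dict[str, str]:
    """Classify each download as 'ok', 'hash mismatch' or 'no pinned hash'."""
    pinned = parse_lockfile(lockfile)
    result = {}
    for name, data in downloads.items():
        try:
            result[name] = "ok" if verify_artifact(name, data, pinned) else "hash mismatch"
        except ValueError:
            result[name] = "no pinned hash"
    return result


if __name__ == "__main__":
    # Simulate a tainted update: same version of requests, different bytes.
    downloads = dict(GENUINE)
    downloads["requests"] = GENUINE["requests"] + b"; injected payload"
    downloads["leftpad-py"] = b"whatever the index served"
    for pkg, status in verify_downloads(downloads, LOCKFILE).items():
        print(f"{pkg}: {status}")
```

The design point is that the lockfile, not the package index, is the root of trust: regenerating hashes is a deliberate review step, and both "bytes changed" and "no hash recorded" fail closed instead of being installed and discovered later.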

Mark Hahn, Qualys

Mark Hahn is the Solutions Architect for Cloud and DevOps Security at Qualys. He uses DevSecOps and Site Reliability Engineering practices to ensure that software and applications are deployed with high velocity and with the utmost security. He shows clients how to build security into software using agile methods in a cloud-native, distributed-systems world built for DevOps and rapid change.

BibTeX
@conference {302229,
author = {Mark Hahn},
title = {Managing the Risk of Software Supply Chain Attacks},
year = {2024},
address = {Dublin},
publisher = {USENIX Association},
month = oct
}