Hardly Strictly Security

Going beyond compliance with cybersecurity experts and open-source professionals.

21 min

How secure is your open source project? A story about open source software supply chains

Open source contributes a significant part of the applications that our teams build everyday. Unfortunately, criminals have found that attacking the supply chains underpinning these open source projects is a very effective way to gain access to many targets at once. We saw this recently with the xz-utils/liblzma software supply chain attack. Customers are waking up to the fact that the bad guys have the ability, and are inclined to spend years building sophisticated attacks on the open source software we all depend on. In this talk Paul will describe a real-world software supply chain issue he ran into and how it affected the customer. Luckily this wasn't an attack, but it had significant consequences for the customer consuming open source. This presentation will also describe a number of tools and processes for identifying risk in open source software supply chains.

Paul McCarty

Paul McCarty

Red Team Staff Engineer at GitLab

Thumbnail for Welcome Keynote - Democratizing the language of cybersecurityThumbnail for Essential Open Source Learnings for Security SuccessThumbnail for ZAP Authentication: What, why and how?Thumbnail for TrashPanda - Using Nuclei to rummage through your cloudsThumbnail for Cloud resource management in the playgroundThumbnail for Navigating our future battlefield: Exploring the intersection of cybersecurity and AIThumbnail for Growing VC interest in open source security companiesThumbnail for Betting on the right horse, when the odds on open source are in your favorThumbnail for Hardening your perimeter with open source toolingThumbnail for Journey into ethical hackingThumbnail for Zero to 1: Getting started with cybersecurityThumbnail for Sliver: An open source red team frameworkThumbnail for The software sausage is past its expiration date: Current state of software supply chain securityThumbnail for (The) Postman carries a lot of secretsThumbnail for Safeguarding digital frontiers: Exploring AI's role in open source securityThumbnail for Beyond Code: Leveraging open source strategies for red teamingThumbnail for How secure is your open source project? A story about open source software supply chains
How secure is your open source project? A story about open source software supply chains | Hardly Strictly Security