What do high-profile incidents like SolarWinds SUNBURST, Codecov bash uploader, Log4Shell, ua-parser-js, or the more recent IconBurst all have in common? They’re all supply chain attacks... except one.

Exploding interest in the security of the software development lifecycle from the media, industry analysts, vendors, and agencies, has left the rest of us, developers and security engineers, with many confusing definitions for supply chain attacks.

Join me on Wednesday, November 2, for a live discussion with Feross Aboukhadijeh, founder and CEO at Socket. Long-time open-source contributor and once application security lecturer at Stanford, Feross will help us break down this complex topic and understand:

The anatomy of supply chain attacks and an example of a sophisticated attack vector: the npm bin script confusion

Why traditional tooling like Software Composition Analysis (SCA) fails at catching malicious open-source dependencies

How Socket helps developers and security engineers identify and block active supply chain attacks

Stay until the end for a lighting demo of Socket; Feross will show us how to inspect JavaScript packages on the npm registry for malicious code!

P.S. Register now to enter the draw and win a $50 Amazon Gift Card!

Supply Chain Attacks: The True, the False, and the Most Lethal.