Supply Chain Attacks: The True, the False, and the Most Lethal.

Nov 2, 4:00pm

By GitGuardian

What do high-profile incidents like SolarWinds SUNBURST, Codecov bash uploader, Log4Shell, ua-parser-js, or the more recent IconBurst all have in common? They’re all supply chain attacks... except one.

Exploding interest in the security of the software development lifecycle from the media, industry analysts, vendors, and agencies has left the rest of us, developers and security engineers, with many confusing definitions of supply chain attacks.

Join me on Wednesday, November 2, for a live discussion with Feross Aboukhadijeh, founder and CEO at Socket. A long-time open-source contributor and former application security lecturer at Stanford, Feross will help us break down this complex topic and understand:
  • The anatomy of supply chain attacks and an example of a sophisticated attack vector: the npm bin script confusion
  • Why traditional tooling like Software Composition Analysis (SCA) fails at catching malicious open-source dependencies
  • How Socket helps developers and security engineers identify and block active supply chain attacks
Stay until the end for a lightning demo of Socket; Feross will show us how to inspect JavaScript packages on the npm registry for malicious code!

I look forward to seeing you there!
Mackenzie from GitGuardian🦉

P.S. Register now to enter the draw and win a $50 Amazon Gift Card!

hosted by

GitGuardian