Session: Preventing Supply Chain Attacks on Open Source Software

Open source software consumption is taking huge leaps forward, and the vulnerabilities are increasing with it. The more open source software we use, the more risk we accumulate, because we are including someone else's code that could contain vulnerabilities now or in the future.

Do you know how long it takes from the time a vulnerability enters a code base until it is discovered and disclosed, or how quickly such vulnerabilities get fixed?

We will go through the basics and show how to use open source tools such as OWASP Dependency-Track, a continuous component analysis platform, to reduce open source risk. Dependency-Track is an intelligent component analysis platform that allows organizations to identify and reduce risk in the software supply chain. It takes a unique and highly beneficial approach by leveraging the capabilities of the Software Bill of Materials (SBOM).
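To make the SBOM-driven approach concrete, here is an added example (not Dependency-Track's own code, and not from the session) that does the core of what such a platform does: it reads a CycloneDX-style SBOM, matches each component's package URL (purl) against a list of advisories, flags versions inside the affected range, and reports how long each flaw sat in the code base before disclosure. The SBOM, package names and advisory records are constructed for illustration; the ids are placeholders, not real CVEs.

```python
import json
from datetime import date
from typing import Any, Dict, List, Tuple

# Constructed CycloneDX-style SBOM (subset of fields) for a hypothetical mobile app.
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "example-lib", "version": "1.4.2",
     "purl": "pkg:npm/example-lib@1.4.2"},
    {"type": "library", "group": "com.example", "name": "netkit", "version": "2.0.1",
     "purl": "pkg:maven/com.example/netkit@2.0.1"},
    {"type": "library", "name": "imgcodec", "version": "0.9.0",
     "purl": "pkg:pypi/imgcodec@0.9.0"}
  ]
}"""

# Constructed advisories (placeholder ids, not real CVEs): affected package as a version-less
# purl, first affected / first fixed version, and the dates the flaw entered and was disclosed.
ADVISORIES: List[Dict[str, Any]] = [
    {"id": "ADV-EXAMPLE-1", "purl": "pkg:npm/example-lib", "introduced": "1.2.0",
     "fixed": "1.5.0", "introduced_on": "2019-03-04", "disclosed_on": "2021-06-15"},
    {"id": "ADV-EXAMPLE-2", "purl": "pkg:maven/com.example/netkit", "introduced": "1.0.0",
     "fixed": "2.0.0", "introduced_on": "2018-01-10", "disclosed_on": "2019-11-02"},
]

def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted version -> integer tuple, so '1.10.0' sorts after '1.9.0'."""
    return tuple(int(p) for p in v.split("."))

def split_purl(purl: str) -> Tuple[str, str]:
    """'pkg:type/ns/name@version' -> (version-less purl, version)."""
    base, _, version = purl.rpartition("@")
    return base, version

def find_vulnerable(sbom_json: str, advisories: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """One finding per component whose version lies in [introduced, fixed),
    with the number of days the flaw existed before public disclosure."""
    findings = []
    for comp in json.loads(sbom_json)["components"]:
        base, version = split_purl(comp["purl"])
        for adv in advisories:
            if adv["purl"] != base:
                continue
            if parse_version(adv["introduced"]) <= parse_version(version) < parse_version(adv["fixed"]):
                window = date.fromisoformat(adv["disclosed_on"]) - date.fromisoformat(adv["introduced_on"])
                findings.append({"purl": comp["purl"], "advisory": adv["id"],
                                 "fixed_in": adv["fixed"], "days_undisclosed": window.days})
    return findings
```

Only example-lib 1.4.2 is flagged: netkit 2.0.1 is already at or past its fixed version, and imgcodec has no advisory; a real platform would add severity, transitive dependencies and ongoing re-evaluation as new advisories appear.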

Mobile applications also rely heavily on open source and can likewise be vulnerable to supply chain attacks, and there is always a challenge in rolling patched versions of an app out to the app stores after these vulnerabilities are fixed. We will discuss various ways to make sure open source components are scanned using both software composition analysis and binary analysis.

Attendees will walk away with an understanding of software supply chain vulnerabilities and how to prevent them using open source tools.

Session Speakers:

Kavitha Venkataswamy

Kavitha Venkataswamy is a Director, Digital Product Security supporting Enterprise Platforms and Products. Her areas of expertise include Threat Modeling, Security testing, DevSecOps integration, V

Srinivasan Rangaraj

Srinivasan Rangaraj is a Senior Information Security Consultant in Enterprise Account Servicing Mobile Platform Product Security. Srini comes from a Security Engineering and Product Consulting back
