David Archer, Endor Labs

David Archer, Endor Labs

As a software developer with over a decade of experience and countless interactions with application security teams, I’ve discovered the unsettling complexities of modern software production. Despite what I thought I knew, the reality was far more intricate.

Modern software development is a sprawling network of open-source dependencies, sophisticated build tools, plugins, pipelines, and runtimes. These components are fundamental in securing critical sectors of our daily lives—finance, healthcare, infrastructure, transportation, and social interactions. However, this supply chain is under relentless attack and many of the potential threats are poorly understood.

This talk will delve into specific vulnerabilities, such as dependency poisoning and pipeline compromises, that exemplify the challenges we face. We’ll explore strategies to mitigate these threats and discuss practical takeaways that attendees can immediately implement in their software development practices. Expect to leave with a deeper understanding of supply chain security and with ideas to fortify your software factory against these escalating threats.


Open Source Security Foundation

Print This Page Print This Page