Security teams today are struggling to contain the risk of software supply chain attacks on their organizations. Implementing controls of that sort ranges from internal measures, such as hardening CI services and developer workstations, to demanding compliance with standards from vendors and contractors. However, one of the areas where security teams have a harder time is open-source software.
The use of third-party software components is part of modern software development culture, with over 90% of engineering teams worldwide building and shipping software that uses external code. While this enables extreme agility, it also increases the attack surface of organizations, as seen in the spike of recent major incidents. It is well known in cybersecurity that you must understand the threat you are facing. In this session, we will give an overview of the software supply chain flow and deep dive into the weak spots of each stage.
We will also demonstrate the ease of conducting this sort of attack and present our point of view as defenders.
Checkmarx, Software Architect
Software Architect with a passion for Serverless development and Infrastructure as Code
Head of Supply Chain Security, Checkmarx
Tzachi Zorenshtain is the Head of SCS, Checkmarx. Prior to Checkmarx, Tzachi was the Co-Founder and CEO of Dustico, a SaaS-based solution that detects malicious attacks and backdoors in open-source software supply chains.