Workshop Advanced 15:00 - 17:00 August 11, 2023

Tal Folkman

Alik Koldobsky

When using open source packages, we tend to rely on strangers to deliver us code. There are many ways to judge the legitimacy of a package, such as the package's number of stars or the credibility of the maintainer's GitHub account.

Unfortunately, all you can see can be easily spoofed.

Tal Folkman

Senior Security Researcher, Checkmarx

Tal brings over 7 years of experience to her role as a principal supply chain security researcher within the Checkmarx Supply Chain Security group. She is in charge of detecting, tracking, and stopping open source attacks.


Alik Koldobsky

Software Engineering Team Leader

Alik is a security researcher and software engineer in the Checkmarx Supply Chain Security group, leading the development of the behavior analysis engine for code packages.