I will be presenting at Project Discovery’s inaugural “Hardly, Strictly Security Conference” April 25th
What is the “Hardly, Strictly Security Conference”?
Hardly, Strictly Security (HSS) is the only cybersecurity conference focused on leveraging the power of open source. This one-day, single-track virtual event will focus on the opportunities of incorporating an open source strategy within your security program. We’ll cover topics from getting started to scaling, governance, and more… This conference is for security engineers, red teams, bug bounty hunters, and anyone who wants to celebrate and continue to leverage the power of open source to help make our world more secure.
This presentation is entitled “How secure is your open source project? A story about open-source software supply chains”.
This is a true story about my experience working with a startup that introduced a software supply chain vulnerability into their application. I was called in to “fix” the problem, which ended up being a much bigger thing for this company.
I will also talk about the recent xz-utils software supply chain attack that saw a malicious backdoor added to one of the most popular compression utilities out there.