Supply Chain Security for OpenSource Projects – it’s time to prepare!
Sven Ruppert spent almost 20 years as a consultant worldwide in automotive, aerospace, insurance, banking, UN and WorldBank before joining JFrog as a developer advocate. Sven has been giving lectures at international conferences and regularly publishing online and in classic magazines and books for nearly ten years. As a developer advocate for JFrog, Sven deals with DevSecOps, cybersecurity and cyberdefense, and traditional developer topics such as Core Java/Kotlin, mutation, and distributed unit testing.
Attacks on the open-source value chain (OS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on in the beginning? This, of course, raises the question of suitable methods and tools. At the same time, the company’s strategic orientation must be included in this security strategy.
In the recent past, we have also learned that attacks such as the “Solarwinds Hack” are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.
We deal with the following questions:
First, what potential threats are there in general?
Second, what are classic attack points in software development from the source code to binary?
Third, what free tools are there, and where should they be used?
Finally, how can I arm myself against the challenges of cyber attacks today?