Red Teaming the Open Source Software Supply Chain

    Title: Red Teaming the Open Source Software Supply Chain

    Description: The open source software supply chain has enabled great innovation, but there is a unique set of risks from this supply chain. While not a new topic, everyone from software users to governments has started to pay attention to the security risks that have emerged from the success of, and our dependence on, open source software. Some solutions proposed are not popular among open source developers and maintainers. Even worse, much of the discussion does not directly involve those with an attacker mindset, relying on just a few high-profile incidents.

    This session will bring together experts from the open source ecosystem with security experts to think about OSS security from an attacker’s perspective. We’ll go through a few scenarios collectively, and then brainstorm more in small groups, sharing them out. Each attack scenario will then be evaluated against potential defensive measures.

    Aeva Black, Technical Advisory Committee, Open Source Software Foundation; Board Member, Open Source Initiative
    Allan Friedman, CISA OSS Security Lead

    Start: August 12, 2022 12:00
    End: August 12, 2022 13:45
    Location: DEF CON Policy Collaboratorium