Attacking Applications via Upstream Dependency Maintainers

Presented by

Matt Schwartz, FOSSA Engineer

About this talk

Open source software has drastically increased code reusability and access while decreasing the cost and time to deliver reliable code. It has become so commonplace and ubiquitous that over 90% of production software is now written and maintained by external parties. But these benefits come with some measure of potential risk in the form of an expanded attack surface. Securing your own code and developers’ tools is no longer enough to defend against all threats. This presentation will explore how vulnerabilities are discovered, verified, and the scope of impact they could have if they were exploited by a malicious party. More importantly, we will also cover the steps that can be taken to protect projects and their use of open source software from being vulnerable to dependency confusion attacks.

Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (25)
Subscribers (2788)
Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for vulnerability management, license compliance, and code quality across the open source stack. With FOSSA, engineering, security, and legal teams all get complete and continuous risk mitigation for the entire software supply chain, integrated into each of their existing workflows.