Beyond the CVE: Addressing Novel Supply Chain Risks

Presented by

FOSSA Security Team

About this talk

Identifying and mitigating known vulnerabilities in open source code has long been a foundational part of secure software development. But over the past year, we’ve seen an increase in novel software supply chain attacks happening before CVEs are published. As a consequence, focusing on remediating CVEs — without accounting for other indicators of vulnerable open source — can put applications at risk.

Join FOSSA security experts on Wednesday, May 25 to explore these emerging signs of risky or compromised open source packages — and to get actionable guidance on addressing them. We’ll discuss challenges and solutions in areas like:

- Empty packages
- Abandonware
- Remote dependencies
- Typosquatting
Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for vulnerability management, license compliance, and code quality across the open source stack. With FOSSA, engineering, security, and legal teams all get complete and continuous risk mitigation for the entire software supply chain, integrated into each of their existing workflows.