Securing the Software Dependency Supply Chain – A Practical Study
June 3, 2021 @ 11:30 - 12:30
Online Meetup event: https://www.meetup.com/KTH-Software-Research-Meetup/events/278254406/
In recent months there have been several high-profile software supply chain attacks that leveraged weaker spots in the complex software supply chain to reach otherwise hard-to-penetrate targets. Vulnerabilities in the supply chain are nothing new to security engineers, but they are often ignored by the broader development community, whose first goal is to increase efficiency and throughput, which often comes into conflict with security. This has been researched, for example, in the paper “A comprehensive study of bloated dependencies in the Maven ecosystem”, in the blog post “Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies”, and elsewhere. This talk will briefly walk through the complexity of a modern software supply chain, and then present security countermeasures, both in theory and as a practical “how do we do it” demonstration, by adopting best practices for third-party dependency management.
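As an added illustration of the dependency confusion attack class the abstract cites (editor-added example code, not material from the talk, from PrimeKey or from the cited blog post): a small Python pre-flight check that mimics how a package resolver merges a private and a public index and takes the highest matching version, then reports the internal dependencies that the public side would win. All package names, versions, the `acme-` internal prefix and both index snapshots below are constructed for the example; a real check would query the actual private registry and public index instead.

```python
"""Dependency-confusion pre-flight check (illustrative, constructed data).

Models the resolver behaviour that dependency confusion abuses: when a
private index and a public index are both consulted, the highest version
that satisfies the specifier wins, regardless of which index it came from.
"""
import re
from dataclasses import dataclass
from typing import Optional

INTERNAL_PREFIX = "acme-"  # assumption: all internal packages share this prefix


@dataclass(frozen=True)
class Dep:
    name: str
    spec: str     # "", "==1.4.2" or ">=2.0" (the subset this example supports)
    hashed: bool  # True when the line carries a pip-style --hash= pin


# name, optional version specifier; hash options are detected separately
_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*([<>=!~]=?\s*[0-9][^\s;#]*)?")


def parse_requirements(text: str) -> list:
    """Parse a requirements.txt-style listing into Dep records."""
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and option lines
            continue
        m = _LINE.match(line)
        if not m:
            continue
        name = m.group(1).lower().replace("_", "-")   # normalise like pip does
        spec = (m.group(2) or "").replace(" ", "")
        deps.append(Dep(name, spec, "--hash=" in line))
    return deps


def version_key(v: str) -> tuple:
    """Numeric-only version ordering; enough for the constructed data."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def pinned_version(spec: str) -> Optional[str]:
    return spec[2:] if spec.startswith("==") else None


def satisfies(version: str, spec: str) -> bool:
    if not spec:
        return True
    if spec.startswith("=="):
        return version_key(version) == version_key(spec[2:])
    if spec.startswith(">="):
        return version_key(version) >= version_key(spec[2:])
    raise ValueError(f"unsupported specifier {spec!r}")


def winning_source(dep: Dep, internal_index: dict, public_index: dict) -> str:
    """Return which index a merge-and-take-highest resolver would install from."""
    candidates = []
    for source, index in (("internal", internal_index), ("public", public_index)):
        ver = index.get(dep.name)
        if ver is not None and satisfies(ver, dep.spec):
            candidates.append((version_key(ver), source))
    if not candidates:
        return "none"
    best = max(key for key, _ in candidates)
    winners = {source for key, source in candidates if key == best}
    if len(winners) > 1:
        # Same version on both sides: only a hash pin (assumed taken from the
        # internal artifact) lets the installer reject the public copy.
        return "internal" if dep.hashed else "ambiguous"
    return winners.pop()


def audit(deps: list, internal_index: dict, public_index: dict) -> dict:
    """Classify each internal-prefix dependency by what the resolver would do."""
    findings = {}
    for d in deps:
        if not d.name.startswith(INTERNAL_PREFIX):
            continue
        src = winning_source(d, internal_index, public_index)
        if src == "public":
            findings[d.name] = "CONFUSION"        # public package would be installed
        elif src == "ambiguous":
            findings[d.name] = "PIN_COLLISION"    # exact pin, but no hash to tell them apart
        elif src == "none":
            findings[d.name] = "UNRESOLVABLE"
        elif d.name not in public_index and pinned_version(d.spec) is None:
            findings[d.name] = "UNCLAIMED_NAME"   # name is free to register publicly
        else:
            findings[d.name] = "OK"
    return findings


# Constructed sample input (not from any real project).
SAMPLE_REQUIREMENTS = """
# constructed sample requirements
requests==2.25.1
acme-auth==1.4.2 --hash=sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
acme-billing>=2.0
acme-metrics
acme-legacy==0.9.0
"""
INTERNAL_INDEX = {"acme-auth": "1.4.2", "acme-billing": "2.3.0",
                  "acme-metrics": "0.3.1", "acme-legacy": "0.9.0"}
PUBLIC_INDEX = {"requests": "2.25.1", "acme-auth": "1.4.2",
                "acme-billing": "99.0.0", "acme-legacy": "0.9.0"}

if __name__ == "__main__":
    for name, verdict in audit(parse_requirements(SAMPLE_REQUIREMENTS),
                               INTERNAL_INDEX, PUBLIC_INDEX).items():
        print(f"{name:15} {verdict}")
```

The four verdicts map onto the usual countermeasures: an exact pin plus a hash keeps `acme-auth` on the internal side even though the same version exists publicly; a range specifier lets the attacker's `99.0.0` win for `acme-billing`; an exact pin without a hash (`acme-legacy`) leaves the installer unable to distinguish the two copies; and an unpinned name that nobody has registered publicly (`acme-metrics`) is safe only until someone does, which is why reserving or scoping internal names on the public index is part of the same hygiene.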
Tomas Gustavsson, Primekey
# Speaker’s bio
Tomas Gustavsson has an MSc from KTH in Stockholm and has been
researching and implementing PKI systems since 1994. He is the founder
and developer of the open source enterprise PKI project EJBCA, a
contributor to numerous open source projects, and a member of the board of Open Source Sweden. As a co-founder of PrimeKey, Tomas is passionate about helping users worldwide find the best possible PKI and digital signature solutions.