Skip to main content
ISC2 Security Congress 2024 Main banner
 
Icon Legend
Additional Fee Required
Additional Fee Required
Pre-Registration Required
Pre-Registration Required
Online & Virtual
Online & Virtual
Onsite Only
Onsite Only
Earn CPE Credits
Earn CPE Credits
Livestreamed Session
Livestreamed Session
Included in Guest Pass
Included in Guest Pass
Invite Only
Invite Only
Session Recorded
Session Recorded
Student Experience
Student Experience
Back

On-Site Only

Software Security

Learning Bytes: Four Types of Supply Chain Attacks Development Teams Should Worry About (Sponsored by Black Duck Software)

Monday, October 14, 2024
12:45pm – 1:10pm PT
Location: Theatre 2
CPE Credits 0.25
Onsite Only Earn CPE Credits

    Sponsor Session Speaker(s)

  • Mike McGuire

    Senior Security Solutions Manager
    Black Duck, United States

Log4Shell, SolarWinds, CodeCov and the npm package repository are all associated with some type of software supply chain risk or incident, but each represent completely different attack vectors. As we depend more on build and release automation and third-party dependencies, we need to better understand how threat actors exploit those to attack the consumers of our software. In this Learning Bytes session, you’ll learn:
• The riskiest points of your software development lifecycle
• The four most common supply chain attacks, with real world examples
• How to create a firewall around our software supply chain to protect your software and your customers

Back to Top