Main Menu
YouTube Channel
Recommended Books
Mailing list
Contact Us

Meetings - Details

The Dark Side of Open Source Productivity

When 2023-11-14 | 18:30:00  
Event Title The Dark Side of Open Source Productivity
Presenter Darren Meyer
Where Manifest Solutions
Event description:


There is a dark side to productivity with open source. In modern applications, the majority of code on which an application is built isn’t code written by your team. Modern applications are built on the backs of volunteer communities and open-source software. These volunteers and their software delivery practices all become potential attack vectors. The truth is that most organizations do not factor open-source supply chain attacks into their organization’s threat models today. Security incidents such as the CodeCov bash uploader script, the npm colors, and faker intentionally introduced malicious commits, and the recent PyPi backdoors targeting AWS credentials highlight the impact of supply chain attacks as a scalable attack pattern. To spread awareness on supply chain attacks so that organizations can scalably handle them we propose baking supply chain attacks into existing threat modeling procedures and software development culture so that organizations can champion supply chain management of open source in the places where they are most impactful, at development time. We will present a comprehensive, comprehensible, and technology-agnostic taxonomy of attack vectors, created on the basis of hundreds of real-world incidents and validated by experts in the domain. Following, we will discuss the types of defenses you can put in place to detect and respond to such modern day attacks and how you can work these defenses in based on your program’s maturity.

Video -


Darren Meyer is an Application Security practitioner and leader with 25 years of experience, 18 of which have been focused on AppSec products and programs. Currently the Lead Solution Architect for Endor Labs, he’s passionate about practical and affordable security programs, socio-technical systems, and getting great results from his home espresso machine.

Venue Manifest Solutions
Street address 2035 Riverside Drive Upper Arlington OH 43221

Sponsored Links
Upcoming Events

Tue, Jun 11 - Building Event-Driven Microservices in Java

© 2017 Central Ohio Java Users Group (COJUG)
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.