ApacheCon 2016 has ended
Friday, May 13 • 3:45pm - 4:35pm
The new threat landscape of open-source security - Mark Curphey, SourceClear

Building software using open-source libraries is the new normal, but the bad guys are trying to spoil the party, having figured out that reusable code means reusable vulnerabilities. In this presentation we will show you how the threat landscape has changed and how the end-to-end open-source software supply chain is being attacked, with actual exploits and real examples. We will show you what hackers are doing and how to protect yourself and your team from these attacks so you can carry on shipping safe and secure open-source projects. We will cover:

Bad security advice from Q & A sites
Malicious code editor plugins
When bad things happen to good build and package managers
Trusting binary repositories like Maven Central
Vulnerabilities and backdoors in open-source libraries
Hiding bad things in source code management
Abusing continuous integration systems to mine Bitcoins


Mark Curphey

CTO, Open Raven
Mark Curphey is CEO of SourceClear, the security company for software developers. He founded OWASP (http://www.owasp.org) when he ran software security at Charles Schwab and has written chapters on software security in books published by O’Reilly. http://www.curphey.com John Viega...

Friday May 13, 2016 3:45pm - 4:35pm PDT
Georgia B