ApacheCon 2016

Building software using open-source libraries is the new normal but the bad guys are trying to spoil the party having figured out that re-usable code means reusable vulnerabilities. In this presentation we will show you how the threat landscape has changed and how the end-to-end open-source software supply chain is being attacked with actual exploits and real examples. We will show you what hackers are doing and how to protect yourself and your team from these attacks so you can carry on shipping safe and secure open-source projects. We will cover:

Bad security advice from Q & A sites
Malicious code editor plugins
When bad things happen to good build and package managers
Trusting binary repositories like Maven central
Vulnerabilities and backdoors in open-source libraries
Hiding bad things in source code management
Abusing continuous integration systems to mine Bitcoins