Friday, May 13 • 3:45pm - 4:35pm
The new threat landscape of open-source security - Mark Curphey, SourceClear


Building software using open-source libraries is the new normal, but the bad guys are trying to spoil the party, having figured out that reusable code means reusable vulnerabilities. In this presentation we will show you how the threat landscape has changed and how the end-to-end open-source software supply chain is being attacked, with actual exploits and real examples. We will show you what hackers are doing and how to protect yourself and your team from these attacks so you can carry on shipping safe and secure open-source projects. We will cover:

Bad security advice from Q & A sites
Malicious code editor plugins
When bad things happen to good build and package managers
Trusting binary repositories like Maven central
Vulnerabilities and backdoors in open-source libraries
Hiding bad things in source code management
Abusing continuous integration systems to mine Bitcoins

Speakers

Mark Curphey

CEO, SourceClear
Mark Curphey is CEO of SourceClear, the security company for software developers. He founded OWASP (http://www.owasp.org) when he ran software security at Charles Schwab and has written chapters on software security in books published by O’Reilly. http://www.curphey.com John Viega has written a collection of books on software security including Building Secure Software, Network Security with OpenSSL and Secure Programming Cookbook for C and...


Friday May 13, 2016 3:45pm - 4:35pm
Georgia B
