Attackers know that the majority of modern application code is composed of open source software. Today, Checkmarx researchers witness, in real-time, attackers planting packages with malicious code into open source software supply chains. As a result, as application developers perform builds, malicious code becomes part of the applications you are publishing. Making matters even worse, malicious packages are not tracked like CVEs on Mitre.org – organizations have no idea that they have just become a victim because typical application security testing solutions are blind to these attacks. These security concerns are not inherent to the open source software itself, but rather, how the malicious software propagates throughout supply chains.
Attend this session because you need to know:
- Techniques attackers use to plant malicious code in the supply chain
- The differences between identifying OSS with vulnerabilities and outright malicious packages
- Steps to take now so you do not fall victim to these attacks
- How to focus mitigation and remediation efforts without disrupting development teams