March 2019 - Software supply chain risks of using 3rd party repositories - Alex Devries

bMIUD8TvSFM/default.jpg

An aspect of DevSecOps is increased use of 3 rd party components. As software becomes more complex, developers are more dependent on online repositories. Examples of this are OS vendors' package repos, Dockerhub, and language repositories for Go, PHP and Ruby. An evaluation was done on the Python's online repository Pypi. A scan showed that 1% of the most commonly used packages contained known known vulnerabilities. Worse, there was no formal process to deal with these problems. Mitigations to these risks will be presented.

Bio:
Alex deVries is a security architect and has experience developing SDLC programs, security incident response and penetration testing. He has a background in Linux OS development.

bMIUD8TvSFM/default.jpg
March 2019 - Software supply chain risks of using 3rd party repositories - Alex Devries March 2019 -  Software supply chain risks of using 3rd party repositories - Alex Devries Reviewed by Unknown on March 30, 2019 Rating: 5