Four Types of Supply Chain Attacks Development Teams Should Worry About

Logo
Presented by

Mike McGuire, Senior Security Solution Manager

About this talk

Log4Shell, SolarWinds, CodeCov, and the npm package repository are all associated with some type of software supply chain risk or incident, but each represents completely different attack vectors. As we depend more on build and release automation and third- party dependencies, we need to better understand how threat actors exploit them to attack the consumers of software. In this session, you’ll learn • The riskiest points of your software development life cycle • The four most common supply chain attacks, with real-world examples • How to create a firewall around the software supply chain to protect your software and your customers
Related topics:

More from this channel

Upcoming talks (13)
On-demand talks (121)
Subscribers (65666)
Black Duck® offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software. As of October 1, 2024 the Synopsys Software Integrity Group is now Black Duck®