90% of the code in applications today comes from open source software. Whether by infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or exploiting existing vulnerabilities in open source components, attackers are leveraging gaps in supply chain controls to compromise organizations.
With GenAI quickly becoming a popular tool for developers to generate code, a new threat has emerged. AI package hallucination, where a model recommends a dependency that does not actually exist in the registry and that name is later claimed by an attacker, is one of the more recent supply chain attack types; it is easy to execute and can have devastating effects. During this presentation we will give an overview of supply chain security with examples of current threats, discuss AI package hallucinations, and cover preventative measures.
Meet the Speaker:
Tzachi is the head of supply chain security at Checkmarx, and was the co-founder and CEO of Dustico, a software supply chain security startup that was acquired by Checkmarx in 2020. Prior to Dustico, Tzachi built custom solutions for automating malware analysis, SOC automation, securing microservices, and designing network sensors at Palo Alto Networks.