Legacy software supply chain "exploits", such as the Struts incident at Equifax, prey on publicly disclosed open source vulnerabilities that are left unpatched in the wild. Conversely, next-generation software supply chain "attacks" are far more sinister because bad actors are no longer waiting for public vulnerability disclosures. Instead, they are actively injecting malicious code into the open source projects that feed the global supply chain.
Join this fireside chat with Ax Sharma, Senior Security Researcher, Sonatype, and Michelle Dufty, Senior Vice President, Marketing, Sonatype, to:
1) Understand software supply chain attacks and their impact on the open source ecosystem
2) Deep dive into prominent real-world examples of dependency confusion, typosquatting, and brandjacking malware
3) Learn how your organization can proactively protect itself against software supply chain attacks