Session 1: Tracking Attackers in Open-source Supply Chain Attacks—the New Frontier
This talk will discuss the threat landscape of open-source software. This session is intended for anyone relying on open-source packages who wants to fully understand their entire software supply chain and the threats that come with it to protect themselves and their customers adequately. I will also discuss how threat intelligence can be used to stop attacks before they can cause any harm.
Presenter: Jossef Harush Kadouri, Head of Supply Chain Security, Checkmarx
Session 2: Hacking Any Organization Through the Software Supply Chain
This session will provide the right toolset for each type of defender. Topics discussed will include different frameworks (SLSA, SAMM, BSIMM, SAFECode, SSDF, BSA, CMCC) to conclude who can benefit from what. Some of these are very hands-on while others come from a compliance angle. Attendees of this session will leave having learned what they can do against supply chain attacks. Everyone from a down-in-the-dirt developer to a compliance-oriented CISO will take away ideas for their individual starting point.
Presenter: Felix Leder, Senior Director, Crosspoint Labs
Session 3: Control What We Can—Open Source Incidents and How We Respond
In recent years, there has been a sharp rise in supply chain attacks, a type of cyber attack that targets the systems and networks of third-party vendors or suppliers in order to gain access to the systems of a larger target organization. Attacks that were happening once or twice a year are now happening several times a quarter or even a month. These attacks can be difficult to detect and defend against, as the initial point of entry is often a trusted source, making them a significant threat to organizational security. In this session, we will talk about how, as an industry, we need to shift our thinking about supply chain attack incident response away from a pure security problem to a more organization-wide operational event.
Presenter: Jen Trahan, SVP of Product, Application, Cloud Security, Warner Bros. Discovery