How Much Do You Trust That Package? Understanding the Software Supply Chain
linux.conf.au via YouTube
Overview
This course aims to help learners understand the importance of software supply chain security in modern software development. By discussing the history of the software supply chain, the issues that can arise, and ways to mitigate risks, participants will gain insights into the challenges posed by third-party modules and the lack of maintainer time. The course covers topics such as package availability, lack of maintenance, breaking into code, and strategies for dealing with these risks. The intended audience for this course includes software developers, engineers, and anyone involved in software development concerned about the security of their software supply chain. The teaching method involves a presentation style lecture with real-world examples and practical advice.
Syllabus
Intro
The Supply Chain
Unavailability
Defects
Bugs
Package Availability
Lack of Maintenance
Breaking Into Your Code
Python Nation
Colorama
NPM
Ecosystem
Electron
JavaScript
Mitigating Risks
The Dam Maintainer
Upgrades and Updates
Auditing
Summary
Everything
Taught by
linux.conf.au