September 27-30, 2021
Seattle, Washington, USA + Virtual

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit + Embedded Linux Conference + OSPOCon 2021 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Monday, September 27 • 2:30pm - 3:20pm
(IN-PERSON) Supply Chain Attacks: The New Reality - Susan St. Clair, WhiteSource

It seemed like we were all learning about a new type of application security attack not that long ago. What does software supply chain risk mean? What are the different types of attacks - dependency confusion, brandjacking, typosquatting, package tampering - that we need to be concerned with, and how can I detect them and protect against them? The new reality is that supply chain attacks from various vectors - open source code, proprietary code, and data harnessed from CI/CD pipelines - are in the mainstream news on a regular basis, so much so that governmental regulations are starting to appear.

With new frameworks like Google’s SLSA, the new Executive Order from the US government, and a host of vendor solutions, where do you start in understanding and addressing your organization’s supply chain risk?
The session presents innovative approaches and tools designed to thwart supply chain threats early in the development lifecycle - before they can be exploited for attacks.

Session takeaways:
  • Supply Chain isn’t just about open source
  • Traditional methods have been largely reactive, aiming to facilitate post-attack investigation and alleviate damage if possible
  • Novel supply chain risk tools offer a proactive approach to combat risk and are easily integrated within the development lifecycle

Susan St. Clair

Director of Product, WhiteSource Software
Susan St. Clair is a passionate cybersecurity advocate at WhiteSource Software, the remediation-centric application security software company. Possessing over 14 years of product management and strategy experience, Susan is responsible for raising awareness of the market need for...

Monday September 27, 2021 2:30pm - 3:20pm PDT
Elwha B
  OS Dependability