How Much Do You Trust That Package? Understanding The Software Supply Chain
Benno Rice
https://2019.linux.conf.au/schedule/presentation/237/
Did you hear the one where someone gave the maintainership of an npm module to some rando who stuck a cryptocurrency miner in it? Hilarious, right! Well did you also hear the one where someone uploaded malicious packages to PyPI with similar names to popular packages?
Supply chain security is a huge issue in modern software development, and not just for node.js developers. The prevalence of third-party modules, the lack of maintainer time and compensation, and the speed at which we try to develop mean that there are many ways that the software supply chain can cause you headaches.
This talk will discuss the history of the software supply chain, the issues that have cropped up in it and why, and some ways to deal with the risks these create.
linux.conf.au is a conference about the Linux operating system, and all aspects of the thriving ecosystem of Free and Open Source Software that has grown up around it. Run since 1999, in a different Australian or New Zealand city each year, by a team of local volunteers, LCA invites more than 500 people to learn from the people who shape the future of Open Source. For more information on the conference see https://linux.conf.au/
#linux.conf.au #linux #foss #opensource
Video: How Much Do You Trust That Package? Understanding The Software Supply Chain, from the linux.conf.au channel