Not a Free Lunch – Managing Open Source Software
The vast majority of software running in government, infrastructure, and business includes at least some open-source libraries. This fact, combined with the relative ease of mounting an attack against the open-source ecosystem, makes that ecosystem an attractive target for attackers who want a large impact for relatively little effort. For these reasons and others, software supply chain attacks are on the rise and are unlikely to go away any time soon; the recent Log4j incident showed how far a single widely used dependency can propagate risk.
This session demonstrates how easy it is to launch an open-source supply chain attack, and shares findings on the risk within the current ecosystem, including its limited ability to detect and block several kinds of attacks.