Get Alerts To Cyber Events In Your Region

Newsletter

Recommended Event: Are you the MVP of cybersecurity? Maryland, US, June 1-3, 2026

Restoring Trust in Open Source: Strategies for a Secure Supply Chain

Henry Dalziel
Henry Dalziel Chief Events Curator & Co-Founder
Solution Category Application Security
Type Webinar
Organization JFrog
Event Format Company Webinar

Webinar Description

Modern software development is increasingly challenged by evolving threats that target the software supply chain. Attackers are shifting their focus from traditional code vulnerabilities to weaknesses found in software components managed through package managers and automated pipelines. This trend introduces significant risks at every stage, from development to deployment. Recent industry discussions, drawing on findings from the INCD report “Breaking the Chain,” have highlighted the urgent need for comprehensive, end-to-end protection to address these emerging challenges and safeguard the integrity of software delivery.

Shifting Attack Strategies in the Software Supply Chain

Threat actors are no longer limiting their efforts to exploiting source code vulnerabilities. Instead, they are increasingly targeting imported dependencies and third-party components. These elements, which are widely used and often managed through automated systems, present attractive opportunities for attackers. The transition of software through package managers and pipelines creates gaps that can be exploited, allowing malicious code to be introduced without detection. As a result, organizations face heightened risks that traditional security measures may not adequately address.

Key Techniques Used in Supply Chain Attacks

Several sophisticated techniques are now commonly employed in supply chain attacks. Dependency confusion is a method where attackers upload malicious packages with names similar to legitimate dependencies, deceiving automated systems into integrating them. Another prevalent tactic is typosquatting, which involves registering package names that closely resemble popular libraries, capturing developers who make minor spelling errors. Additionally, the use of artificial intelligence has enabled attackers to automate and scale these attacks, increasing their complexity and making them more difficult to detect and prevent.

Strengthening Security Across the Software Pipeline

Traditional security approaches, such as basic shift-left practices, are often insufficient for countering these advanced threats. Experts recommend that organizations enhance their security posture by integrating pipeline visibility and implementing robust binary security controls. Monitoring the entire software delivery process and scrutinizing every component can help identify and mitigate risks before they reach production. This proactive approach is essential for maintaining the integrity of modern software systems.

Actionable Steps to Build Supply Chain Resilience

  • Establish comprehensive monitoring throughout all stages of the software pipeline
  • Utilize advanced binary analysis tools to uncover hidden vulnerabilities
  • Conduct regular audits and validation of third-party dependencies
  • Provide ongoing education for development teams on emerging supply chain attack methods

By adopting these strategies, organizations can significantly enhance their defenses against modern, component-based attacks. The insights from recent industry discussions offer practical guidance for building a more resilient and secure software supply chain, ensuring that vulnerabilities are addressed before they can be exploited.

Cybersecurity Conferences

The information security community's favorite directory for cybersecurity conferences, events and webinars.

Our Services

Directory
Search Directory
Submissions
Marketing
- Registrations
- Sponsorship

Legal

Privacy
Terms

2026 Concise AC | DBA - Infosec Conferences

Sitemap