The Challenges of 3rd Party Software Risk: From Contributions to Consumption

AI is accelerating long-standing third-party software risks, making it harder to trust code that organizations did not create. As open source ecosystems face increasing volumes of AI-generated contributions, traditional challenges around dependency trust, visibility, and validation are becoming more complex and urgent.

The discussion explores how proven security practices can still apply in this fast-moving environment. It examines ways to evaluate upstream contributions, move beyond static SBOMs toward actionable risk decisions, and manage third-party code without slowing development. Attendees will gain practical insight into balancing security and velocity while addressing evolving supply chain threats in modern software development.