Owning an Enterprise With Three Lines of Code

Achim D. Brucker

Today, software is rarely developed "on the green field": software developers are "composers" who build new systems by combining existing (open source) solutions. Custom code is, in many development projects, a curiosity.

As a result, all software depends on open source projects, which are sometimes as small as three lines of code and sometimes as large as several million lines of code. On the one hand, these projects speed up development. On the other hand, their use requires trust and care: with a few lines of code in an installation script, your development system can be pwned, or a small vulnerability in a dependency can be the root cause of one of the largest data leaks of recent years.

In this talk, I will discuss, using real-world examples, the security threats of using software dependencies carelessly and provide recommendations that help to minimise this risk.

Keywords:
Categories:
Documents:

Please cite this article as follows:
Achim D. Brucker. Owning an Enterprise With Three Lines of Code. SteelCon, 13 July 2019.
(Slides) (Handout) (BibTeX)

BibTeX
@Talk{ talk:brucker:steelcon-sw-supply-chain-security:2019,
abstract = {Today, software is rarely developed "on the green field": software developers are "composers" who build new systems by combining existing (open source) solutions. Custom code is, in many development projects, a curiosity.\\\\As a result, all software depends on open source projects, which are sometimes as small as three lines of code and sometimes as large as several million lines of code. On the one hand, these projects speed up development. On the other hand, their use requires trust and care: with a few lines of code in an installation script, your development system can be pwned, or a small vulnerability in a dependency can be the root cause of one of the largest data leaks of recent years.\\\\In this talk, I will discuss, using real-world examples, the security threats of using software dependencies carelessly and provide recommendations that help to minimise this risk.},
author = {Achim D. Brucker},
day = {13},
event = {SteelCon},
handout = {https://www.brucker.ch/bibliography/download/2019/talk-brucker-steelcon-sw-supply-chain-security-2019-2x2.pdf},
isodate = {2019-07-13},
lecturer = {Achim D. Brucker},
location = {Sheffield, UK},
month = {jul},
slides = {https://www.brucker.ch/bibliography/download/2019/talk-brucker-steelcon-sw-supply-chain-security-2019.pdf},
slideshare = {key/hGiq3kmB4QFGMI},
slideshare_height = {485},
slideshare_width = {595},
title = {Owning an Enterprise With Three Lines of Code},
url = {https://www.brucker.ch/bibliography/abstract/talk-brucker-steelcon-sw-supply-chain-security-2019},
video = {https://youtu.be/qftV92e_ktg},
year = {2019},
}