Owning an Enterprise With Three Lines of Code

By Achim D. Brucker.

Today, Software is rarely developed "on the green field": software developers are "composers" that build new system by combining existing (Open Source) solutions. Custom code is, in many development projects, a curiosity.

As a result, all software depends on open source projects, which, sometimes, are as small as three lines of code or as large as several millions lines of code. One the one hand, these projects speed up the development. On the other hand, their use requires trust and care: with a few lines of code in an installation script, your development system can be powned or a small vulnerability in a dependency can be the root cause of one of the largest data leaks of the last years.

In this talk, I will discuss, using real world examples, the security threats of using software dependencies carelessly and provide recommendations that help to minimise this risk.

Please cite this work as follows:
A. D. Brucker, “Owning an enterprise with three lines of code,” presented at the SteelCon conference, Sheffield, UK, Jul. 13, 2019. Author copy: https://logicalhacking.com/publications/talk-brucker-steelcon-sw-supply-chain-security-2019/

BibTeX
@Unpublished{ talk:brucker:steelcon-sw-supply-chain-security:2019,
  date              = {2019-07-13},
  title             = {Owning an Enterprise With Three Lines of Code},
  author            = {Achim D. Brucker},
  venue             = {Sheffield, UK},
  eventtitle        = {SteelCon Conference},
  abstract          = {Today, Software is rarely developed "on the green field":
                       software developers are "composers" that build new system by
                       combining existing (Open Source) solutions. Custom code is, in
                       many development projects, a curiosity.
                       
                       As a result, all software depends on open source projects,
                       which, sometimes, are as small as three lines of code or as
                       large as several millions lines of code. One the one hand,
                       these projects speed up the development. On the other hand,
                       their use requires trust and care: with a few lines of code in
                       an installation script, your development system can be powned
                       or a small vulnerability in a dependency can be the root cause
                       of one of the largest data leaks of the last years.
                       
                       In this talk, I will discuss, using real world examples, the
                       security threats of using software dependencies carelessly and
                       provide recommendations that help to minimise this risk.},
  video             = {https://youtu.be/qftV92e_ktg},
  slideshare        = {key/hGiq3kmB4QFGMI},
  slideshare_width  = {595},
  slideshare_height = {485},
  areas             = {security, software},
  note              = {Author copy: \url{https://logicalhacking.com/publications/talk-brucker-steelcon-sw-supply-chain-security-2019/}},
  pdf               = {https://logicalhacking.com/publications/talk-brucker-steelcon-sw-supply-chain-security-2019/talk-brucker-steelcon-sw-supply-chain-security-2019.pdf},
}