
By Achim D. Brucker.
Today, Software is rarely developed "on the green field": software developers are "composers" that build new system by combining existing (Open Source) solutions. Custom code is, in many development projects, a curiosity.
As a result, all software depends on open source projects, which, sometimes, are as small as three lines of code or as large as several millions lines of code. One the one hand, these projects speed up the development. On the other hand, their use requires trust and care: with a few lines of code in an installation script, your development system can be powned or a small vulnerability in a dependency can be the root cause of one of the largest data leaks of the last years.
In this talk, I will discuss, using real world examples, the security threats of using software dependencies carelessly and provide recommendations that help to minimise this risk.
Please cite this work as follows: A. D. Brucker, “Owning an enterprise with three lines of code,” presented at the SteelCon conference, Sheffield, UK, Jul. 13, 2019. Author copy: https://logicalhacking.com/publications/talk-brucker-steelcon-sw-supply-chain-security-2019/
@Unpublished{ talk:brucker:steelcon-sw-supply-chain-security:2019,
date = {2019-07-13},
title = {Owning an Enterprise With Three Lines of Code},
author = {Achim D. Brucker},
venue = {Sheffield, UK},
eventtitle = {SteelCon Conference},
abstract = {Today, Software is rarely developed "on the green field":
software developers are "composers" that build new system by
combining existing (Open Source) solutions. Custom code is, in
many development projects, a curiosity.
As a result, all software depends on open source projects,
which, sometimes, are as small as three lines of code or as
large as several millions lines of code. One the one hand,
these projects speed up the development. On the other hand,
their use requires trust and care: with a few lines of code in
an installation script, your development system can be powned
or a small vulnerability in a dependency can be the root cause
of one of the largest data leaks of the last years.
In this talk, I will discuss, using real world examples, the
security threats of using software dependencies carelessly and
provide recommendations that help to minimise this risk.},video = {https://youtu.be/qftV92e_ktg},
slideshare = {key/hGiq3kmB4QFGMI},
slideshare_width = {595},
slideshare_height = {485},
areas = {security, software},
note = {Author copy: \url{https://logicalhacking.com/publications/talk-brucker-steelcon-sw-supply-chain-security-2019/}},
pdf = {https://logicalhacking.com/publications/talk-brucker-steelcon-sw-supply-chain-security-2019/talk-brucker-steelcon-sw-supply-chain-security-2019.pdf},
}