Posted on by Achim D. Brucker, licensed under CC BY-ND 4.0.

CIISec Master Class: Attacking The (Software) Supply Chain

Modern systems, ranging from (smart) IoT devices to enterprise software applications, are rarely developed from scratch: modern developers are “composers” who build systems by combining existing solutions with their own developments. It is not uncommon for the final product to consist of up to 90% third-party components.

On the one hand, these third-party components speed up development. On the other hand, their use requires trust and care: with a few lines of code in an installation script, your development system can be pwned, or a small vulnerability in a dependency can be the root cause of one of the largest data leaks of recent years.

Want to learn more? Attend the CIISec Masterclass on 17th February 2021. In this masterclass, I will discuss, using real-world examples, the security threats of using software dependencies carelessly and provide recommendations that help to minimize this risk.