About this event
The Security Meetup, hosted by GitHub and OWASP, is a great occasion to connect with other security researchers, developers and managers, by discussing all things security, sharing tips and tricks and networking. Enjoy tasty food and crafted cocktails too!
Please complete the form below to reserve your spot.
Date | Wednesday, February 8, 2023
Time | 5:00 p.m. - 8:00 p.m.
Location | 88 Colin P Kelly Jr St., San Francisco, CA 94107
- 5:00 - Check in, grab some food/drinks and network
- 5:45 - Introductions and free security features on GitHub
- 6:00 - 6:45 - Building trust in your container supply chain
- 6:45 - 7:30 - Every risk is not a CVE: Bolster up against software supply chain attacks
- 7:30 - Networking
- 8:00 - Conclusion
Building trust in your container supply chain
Sai Santosh Vernekar | Senior Information Security Analyst, Kohl’s
Swarup Natukula | Senior Information Security Analyst, Kohl’s
Applications are made up of software components. The supply chain is at the heart of developing, delivering, maintaining, and scaling applications. It is critical to understand the risk in each component in order to safeguard the supply chain. End-to-end security is critical to mitigating the risks associated with open source software, regardless of the application that is being created.
In this talk, we will look at the challenges associated with the "Container" supply chain, as well as some of the technology, processes, and tools that you can use to create confidence in your container supply chain.
Every risk is not a CVE: Bolster up against software supply chain attacks
Varun Badhwar, Founder/CEO of Endor Labs
Third-party and open source software components are both desired and indispensable ingredients used throughout the development lifecycle, but their consumption comes with considerable security risks, both for the developer herself and her downstream users. The rise of corresponding security incidents demonstrates that adversaries have discovered those attack vectors as a viable and scalable attack pattern.
We will present a comprehensive, comprehensible and technology-agnostic taxonomy of attack vectors, created on the basis of hundreds of real-world incidents, and validated by experts in the domain. An interactive visualization of this taxonomy, available as open source itself, will be demoed throughout the talk to explain different techniques at the disposal of attackers, supported by real-world examples.
Following that, we will discuss the types of defenses you can put in place to detect and respond to such modern-day attacks.
Please complete the form below to reserve your spot before Monday, February 6, 2023 6pm PST. Space is limited.
Looking forward to connecting at the Security Meetup 🔒
This event has passed