What do high-profile incidents like SolarWinds SUNBURST, Codecov bash uploader, Log4Shell, ua-parser-js, or the more recent IconBurst all have in common? They’re all supply chain attacks... except one.

Exploding interest in the security of the software development lifecycle from the media, industry analysts, vendors, and agencies, has left the rest of us, developers and security engineers, with many confusing definitions for supply chain attacks.

Join me on Wednesday, November 2, for a live discussion with Feross Aboukhadijeh, founder and CEO at Socket. Long-time open-source contributor and once application security lecturer at Stanford, Feross will help us break down this complex topic and understand:
The anatomy of supply chain attacks and an example of a sophisticated attack vector: the npm bin script confusion
Why traditional tooling like Software Composition Analysis (SCA) fails at catching malicious open-source dependencies
How Socket helps developers and security engineers identify and block active supply chain attacks
Stay until the end for a lighting demo of Socket; Feross will show us how to inspect JavaScript packages on the npm registry for malicious code!

0:00 Intro

4:39 What is the Software Supply Chain

8:33 Anatomy of a Software Supply Chain Attack

13:30 State of supply chain security in 2022

45:30 Socket Demo

49:43 Questions
1:00:00 Winner and finish