DOP 111: What Are Software Supply Chain Attacks?
Show Notes
#111: Ever since Alex Birsan published his Dependency Confusion article in February 2021, the software supply chain has come to the forefront. Birsan showed that publishing packages to public registries under the same names that companies use for their private, internal dependencies could get his code pulled into their builds. The supply chain should not be a new concept to anyone, yet many seem to have been caught off guard. Today we talk about Alex’s article along with a new project that lets you manage your supply chain security in Tekton.
Links from the Episode
- Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
- Verifiable Supply Chain Metadata for Tekton
- How we’re helping to reshape the software supply chain ecosystem securely
- Software supply chain attacks – everything you need to know
- Defending Against Software Supply Chain Attacks
- The Rise of Software Supply Chain Attacks
- Open Source Insights
Hosts

Viktor Farcic
Viktor Farcic is a member of the Google Developer Experts and Docker Captains groups, and a published author.
His big passions are DevOps, Containers, Kubernetes, Microservices, Continuous Integration, Delivery and Deployment (CI/CD) and Test-Driven Development (TDD).
He often speaks at community gatherings and conferences.
He has published DevOps Paradox and Test-Driven Java Development.
His random thoughts and tutorials can be found in his blog The DevOps Toolkit.