DOP 111: What Are Software Supply Chain Attacks?
Posted on Wednesday, Jun 16, 2021
Show Notes
#111: Ever since Alex Birsan published his Dependency Confusion article in February 2021, the concept of the software supply chain has come to the forefront. The supply chain should not be a new concept to people, but many seemed to have been caught off guard. Today we talk about Alex’s article along with a new project that allows you to manage your supply chain security in Tekton.
Links from the episode
- Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
- Verifiable Supply Chain Metadata for Tekton
- How we’re helping to reshape the software supply chain ecosystem securely
- Software supply chain attacks – everything you need to know
- Defending Against Software Supply Chain Attacks
- The Rise of Software Supply Chain Attacks
- Open Source Insights
Hosts
Viktor Farcic
Viktor Farcic is a member of the Google Developer Experts and Docker Captains groups, and published author.
His big passions are DevOps, Containers, Kubernetes, Microservices, Continuous Integration, Delivery and Deployment (CI/CD) and Test-Driven Development (TDD).
He often speaks at community gatherings and conferences (latest can be found here).
He has published The DevOps Toolkit Series, DevOps Paradox and Test-Driven Java Development.
His random thoughts and tutorials can be found in his blog TechnologyConversations.com.
Links
Rate, Review, & Subscribe on Apple Podcasts
If you like our podcast, please consider rating and reviewing our show! Click here, scroll to the bottom, tap to rate with five stars, and select “Write a Review.” Then be sure to let us know what you liked most about the episode!
Also, if you haven’t done so already, subscribe to the podcast. We're adding a bunch of bonus episodes to the feed and, if you’re not subscribed, there’s a good chance you’ll miss out. Subscribe now!