SOSS Community Day Europe 2024

Throughout the presentation, I dive into software supply chain attacks and explain how they unfold incrementally. By understanding the latter, attendees will learn how to analyze their processes for software ingestion, integration, and testing to account for Supplier Risk. A particular emphasis is placed on open source software, highlighting both its benefits and vulnerabilities in the software supply chain. Attendees will also understand how the risk-based model can respond to software supply chain attacks even when they are not detected until later in the software supply chain, and gain critical insight into the kinds of changes needed in their processes and software tools, including open source solutions, to support this approach.