Open Source Summit Europe 2024

Software supply chain attacks are on the rise, but what does that really mean for you and your organization? The recently discovered xz backdoor serves as a stark reminder of the potential nightmares lurking in compromised software supply chains. Have you found yourself wondering about incidents like SolarWinds, Log4Shell, and now the xz backdoor, and why they caused such a commotion? If you've been left scratching your head, thinking "Isn't this just an issue for big tech companies?", this session is for you. In this talk, we will explore software supply chain security and explore why it's important for organizations of all sizes. Through real-world case studies, including a deep dive into the xz backdoor, attendees will understand the risks and potential consequences of supply chain attacks. The session will not be all doom and gloom, however. The presenter will introduce attendees to the Open Source Security Foundation (OpenSSF)'s Sigstore project, which is making supply chain security more approachable and accessible.