

Supply-Chain Security in Open-Source Software

Last week we started the Autumn 2019 Building Network Automation Solutions online course with an interesting presentation from Matthias Luft focused on open-source supply chain security.

TL&DR: Can I download whatever stuff I found as my first Google hit and use it in my automation solution? ****, NO!

Matthias covered these topics:

  • Discovering dependencies in large open-source projects;
  • The basics of supply chain security and trust;
  • Technical mechanisms one can use to increase trust, and heuristics of trust;
  • An overview of well-known software supply chain security incidents (including the YAML/JSON parsing vulnerability in Ansible);
  • Fundamental challenges we’re facing in the brave new open-source world (from unknown authors to the unknown security posture of source code);
  • Potential mitigations, including a pragmatic approach of establishing an in-house software inventory and monitoring vulnerability feeds.
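The last item, an in-house software inventory matched against a vulnerability feed, is the mitigation most teams can put in place with very little tooling. The script below is an added illustration written for this post, not material from the course or from Matthias Luft's presentation. It builds an inventory from a pinned requirements file (a constructed sample), normalises package names the way pip does, and checks every pinned version against a constructed advisory feed whose package names and advisory identifiers are made up. It also refuses unpinned requirements, because an inventory of "whatever version happened to be installed" cannot be matched against anything.

```python
"""Minimal software inventory + advisory matching.

Added example for this post; package names, versions and advisory ids are constructed.
"""
import re

# Constructed sample of a pinned requirements file (pip freeze style).
REQUIREMENTS_TXT = """\
# network automation tooling (constructed sample)
yamlish==5.1
NetAuto_Helper==3.1.0
templatex==2.10.1   # pinned for template compatibility
safe-lib==1.0.0
"""

# Constructed sample advisory feed: hypothetical ids, hypothetical packages.
# "affected" is a comma-separated list of version clauses that must all hold.
ADVISORY_FEED = [
    {"id": "EXAMPLE-2019-001", "package": "yamlish", "affected": "<5.4"},
    {"id": "EXAMPLE-2019-002", "package": "netauto-helper", "affected": ">=3.0.0,<3.1.0"},
    {"id": "EXAMPLE-2019-003", "package": "templatex", "affected": "<=2.10.1"},
]


def normalize_name(name):
    """pip treats names case-insensitively and '-', '_' and '.' as equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(version):
    """Numeric components only; good enough for the X.Y.Z versions used here."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def compare_versions(a, b):
    """Return -1, 0 or 1; pads with zeros so that 3.1 == 3.1.0."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


_OPS = {
    "<": lambda c: c < 0,
    "<=": lambda c: c <= 0,
    ">": lambda c: c > 0,
    ">=": lambda c: c >= 0,
    "==": lambda c: c == 0,
}


def version_affected(version, spec):
    """True when the installed version satisfies every clause of the advisory range."""
    for clause in spec.split(","):
        match = re.fullmatch(r"\s*(<=|>=|==|<|>)\s*([\w.]+)\s*", clause)
        if not match:
            raise ValueError(f"unsupported version clause: {clause!r}")
        op, bound = match.groups()
        if not _OPS[op](compare_versions(version, bound)):
            return False
    return True


def parse_requirements(text):
    """Build {normalised-name: pinned-version}; only '==' pins are accepted."""
    inventory = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = re.fullmatch(r"([A-Za-z0-9][A-Za-z0-9._-]*)==([\w.]+)", line)
        if not match:
            raise ValueError(f"unpinned or unsupported requirement: {line!r}")
        inventory[normalize_name(match.group(1))] = match.group(2)
    return inventory


def match_advisories(inventory, feed):
    """Return advisories that apply to the inventory, sorted by package name."""
    hits = []
    for advisory in feed:
        package = normalize_name(advisory["package"])
        installed = inventory.get(package)
        if installed is not None and version_affected(installed, advisory["affected"]):
            hits.append({"package": package, "version": installed, "id": advisory["id"]})
    return sorted(hits, key=lambda h: h["package"])


if __name__ == "__main__":
    inventory = parse_requirements(REQUIREMENTS_TXT)
    for hit in match_advisories(inventory, ADVISORY_FEED):
        print(f"{hit['package']}=={hit['version']} is affected by {hit['id']}")
```

Run against the constructed sample the script flags `templatex==2.10.1` and `yamlish==5.1`, while `netauto-helper==3.1.0` falls just outside the hypothetical advisory's range. In a real deployment you would feed it the output of `pip freeze` from each automation host and a real advisory source; the version parser here ignores pre-release and post-release suffixes, so anything beyond plain numeric versions should go through a proper version library.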

Anyone ever attending the automation course can already access the materials (we believe in lifetime access)… and if you never attended the course you can get them with Expert Subscription.
