Blockchain and Software Supply Chain Security

CISS blockchain security

11 June 2024 13h30-14h00

Arnaud Stoz

When developing software, developers and companies usually rely on numerous external libraries. According to the GitHub State of the Octoverse Report 2019, open-source projects have an average of 180 package dependencies. The same goes for commercial and closed-source software, although no official numbers are available.

For an attacker, compromising a single one of these dependencies is enough to break into the network or data of the software's end user. The SolarWinds attack is the most famous example of this new threat. More recently, the xz hack showed that the software supply chain is more than ever a valuable target for threat actors.

This emerging threat is difficult to counter because the attack surface is extremely broad.

In the first part of this webinar, we will examine the architecture of the software supply chain, which mainly depends on a central system, and explore its attack surface.

In the second part, we will see how some attack vectors could be mitigated using a distributed system based on the Ethereum blockchain, smart contracts and decentralized storage. This decentralized property could make the software supply chain more robust by reducing the attack surface.

