Most modern applications are assembled from open-source components. However not all open-source components are created equally or maintained properly. As a result, we are seeing an increase in software supply chain attacks. This presentation will cover 5 steps to improve your software supply chain security and better protect yourself from threats. Especially those that often emerge as a surprise when vulnerabilities are disclosed for components you didn't even know you had.
Edwin Kwan is a DevSecOps advocate and strong believer in having a developer focused approach towards embedding security into the software development life cycle. Trained as a software engineer, he transitioned into security 9 years ago and now heads up the application security and security advisory teams at an Australian financial services company.