Supply Chain Attack

Andreas Mosti
May 03, 2021

Talk I gave for Bekk Trondheim principles and practices group for security, spring 2021.

Transcript

  1. 60 top level packages 20 providers 78 top level packages 32 providers 279 total packages 39 providers 3516 total packages ???? providers
  2. “In an Internet Security Threat Report, powered by Symantec, it is stated that supply chain attacks still continue to be a feature of the threat landscape, with an increase by 78 percent in 2018.”
  3. “None of the package hosting services can ever guarantee that all the code its users upload is malware-free”