Krakow, Poland, 31 May - 2 June 2023
Three Things That Each Developer Should Know to Help Secure Your Code Base
Conference (INTERMEDIATE level)
Room 1
Supply Chain Build Pipeline SBOM DevSecOps
Semantic similarity
The anatomy of supply chain attacks - practical lessons from recent breaches
Score 0.12
Developer Joy – How great teams get s%*t done
Score 0.19
Early Warning Systems: From the Ringing of Church Bells to Automated Malware Detection
Score 0.19
The Colour and the Shape: Understanding Complex Codebases (in Less Painful Ways)
Score 0.20
The match becomes increasingly accurate as the similarity score approaches zero.

The cost of cybercrime is increasing at a staggering rate, poised to almost equal US GDP by 2027. Cybercrime syndicates are becoming more and more professional with really elaborate scams to get your data and money. One of the latest trends in the weaponisation of open-source and the poisoning of real repositories to infect real software.

In order to ensure a safer ecosystem and that our supply chain is protected, we can take advantage of the latest developments:

  • SBOM - for transparency for both our dependencies and dependents
  • Reproducible Builds - for having the mechanisms to double-check the builds we use
  • SigStore - the new development in terms of signing builds.

During the current presentation, we will give an update related to the state of the threats, especially with the latest development related to the war in Ukraine. In the second part, we will dive into the solutions provided by each of the mentioned points and how they fit into the picture of hardening the supply chain.

Based on real-world examples, focused on automation and alerts at scale.

Tools like Syft, Bomber, Grype and Sonatype BOM doctor will be used.
Olimpiu POP
http://www.mindit.io

Olimpiu is a technology executive, who balances his tech savviness with a focus on people and their wellbeing. A constant explorer of new technology trends, he enjoys digesting and spreading knowledge through podcasts or written articles. He is a strong believer in the power of communities and open source, getting involved in technical community building and curating content for conferences as program committee.

Even though he started working with Java in the days of the 1.4 JDK, lately he explored other ecosystems like JS and Go continuously trying to learn other languages and paradigms.

You can follow him on LinkedIn and @olimpiupop for ramblings on technology, cybersecurity and classical music.

You can find content curated or written by him on JavaAdvent and InfoQ. For the daily dose of cybersecurity and open source 505updates.com.
Steve Poole
Sonatype

Developer Advocate, Security Champion, DevOps practitioner (whatever that means) Long time Java developer, leader and evangelist. I’ve been working on Java SDKs and JVMs since Java was less than 1. JavaOne Rockstar, JSR leader and representation, Committer on open source projects including ones at Apache, Eclipse and OpenJDK. A seasoned speaker and regular presenter at international conferences on technical and software engineering topics.

Ticket prices will go up in...

28
Days
:
 
14
Hours
:
 
54
Minutes
:
 
12
Seconds

You missed out!

 Register NOW
Venue address

ICE Krakow, ul. Marii Konopnickiej 17

Phone

+48 691 793 877

Email

info@devoxx.pl

Social Media

Code of Conduct | Privacy Policy