Sam "Frenchie" Stewart

Co-Founder / CEO

Ensignia

Bio

Frenchie has been building infrastructure security systems and teams for companies such as Brex, Cruise, and CultureAmp – specifically to solve software supply chain issues. Frenchie is a repeat startup founder with a previous exit under his belt. In his spare time, Frenchie enjoys throwing himself out of airplanes and speeding downhill on skis and, despite the nickname, is not French.

Session

The Software Sausage is Past Its Expiration Date: Current State of Software Supply Chain Security

Abstract

In a world where the recipe for software development is as complex as a gourmet dish, it's time to take a closer look at the ingredients being mixed into our digital delicacies. "The Software Sausage is Past Its Expiration Date" peels back the casing to reveal the unsettling truths about the state of Software Supply Chain Security, across both open and closed source environments (Spoiler: They’re both open source environments). As we navigate the complex, interconnected web of libraries, dependencies, and third-party components, we're forced to confront the reality that not all parts of the chain receive the rigorous scrutiny they deserve. This talk will carve into the meat of the matter, serving up a blend of humo(u)r and hard truths. We'll explore some household name vulnerabilities in deep technical detail (How did the SolarWinds & Log4j bugs actually work? Why were all of the files on my disk suddenly replaced by a ❤️ emoji?) and why every developer may soon need to worry if their code runs on a German nuclear power plant. But fear not! This session isn't just a doom-and-gloom buffet. We'll also cook up strategies for Building Trusted Software, incorporating the freshest of security practices from the Open Source Security community (OpenSSF.org), and ensuring that our software sausage is not just palatable, but robust against the evolving threats of the digital age. Join us to digest the current state of software supply chain security and leave with a recipe for building a healthier ecosystem—one link at a time.

©2024 ProjectDiscovery, Inc. All rights reserved.