Supply Chain Security and the Real World: Lessons From Incidents

Friday Oct 3

14:15 –

15:00

TAP1, Room 2

Sophisticated -- and not-so sophisticated -- breaches and attacks in recent years have taught us a lot about the soft spots that attackers target. We can turn these insights into actionable advice for the average devops team.

This talk will look at some real world examples of supply chain compromises and translate the lessons into concrete actions that you can take today to help secure your builds and pipelines. The incidents we’ll look at include the codecov breach and the recent changed-files attack. I’ll show how straightforward changes to build processes and CI/CD settings can help prevent similar attacks and mitigate the effects when dependencies are breached.

Supply chain security is becoming more and more important, but it is often talked about in abstract and general terms that do little to help the average organisation. Not in this talk!

Adrian Mouat

Author of 'Using Docker'

Keynotes

Thursday Oct 2 @ 13:00

Things You Thought You Didn’t Need To Care About That Have a Big Impact On Your Job

Holly Cummins

Friday Oct 3 @ 16:30

Getting Buy-In: Overcoming Larman's Law

Allen Holub

Thursday Oct 2 @ 09:00

AI, Corporate Responsibility, and Democratic Legitimacy – Is DevOps the Answer?

Joanna Bryson

Friday Oct 3 @ 09:00

Sonic Pi live Coding

Sam Aaron

Wednesday Oct 1 @ 13:00

13 years of cryptocurrency de-anonymization (and counting)

Sarah Meiklejohn

Friday Oct 3 @ 13:00

Beyond Chat: Bringing Models to The Canvas

Lu Wilson

Wednesday Oct 1 @ 09:00

Connection is Everything

Ken Hughes

Wednesday Oct 1 @ 17:15

Decoding and Recoding in the Age of AI

Chris Colbert

Thursday Oct 2 @ 17:15

The Way the Future Was

Kevlin Henney

James Lewis