JSConf JP

VJ

VJ

I am passionate about Information Security & Cyber security. I have almost 8+ years of experience working in many industries like Finance, Healthcare etc. I am Currently working as Lead Security at Observe.ai Also Worked in multiple different areas of Security and compliance such as Infra security, Cloud Security, Application Security Vulnerability Management, Penetration Testing, SDLC, and Compliance. I always try to protect the ecosystem & try to spread security awareness among people.

Track A7F party space
13:4014:10(30 min)

Why Build a Secure Supply Chain Management ?

  • English

Software supply chain security is a critical challenge for the future of software development. As the software supply chain becomes increasingly complex, with more and more components being developed and distributed by third parties, the risk of security vulnerabilities being introduced into the supply chain increases resulting in more attacks and exploits. In recent years, we have seen a number of high-profile software supply chain attacks, such as the SolarWinds hack and the Log4j vulnerability. These attacks have highlighted the need for organizations to take Software supply chain security seriously. In my talk, I will dive into several best practices to improve their Software supply chain security posture. What is a supply chain attack ? Various categories of Supply chain attacks with examples How the Javascript libraries and dependencies play a vital role in the software supply chain. I will show examples. Vetting the third-party components - why and how organizations should carefully vet the third-party components they use to ensure that they are from reputable and trustable sources and that they do not contain known vulnerabilities. What is the supply chain management process and how should we use it to ensure that the software we use is secure and compliant. Examples of recent security vulnerability in Javascript - the recent polyfill.js vulnerability Takeaways and closing thoughts