Software supply chain attacks can be catastrophic. For instance, the 2020 SolarWinds hack was considered an attack against the entire government and private sector of the United States of America.

Security researchers have shown that all significant package managers are vulnerable to supply chain attacks like typosquatting and dependency confusion. NuGet is vulnerable by design in its default configuration.

First, you will see how typosquatting and dependency confusion attacks can compromise .NET supply chains that rely on the default NuGet configuration. Second, I will show how you can secure your NuGet configuration to thwart evil hackers.

This talk will assume attendees have some basic knowledge of NuGet and MSBuild.