
Speaker

Lawrence Crowther

Head of Solution Engineering Snyk

Brisbane, Australia

Lawrence Crowther is a leader in the Asia Pacific and Japan (APJ) tech scene with over 20 years of experience. He heads solutions engineering at Snyk, where his team helps grow the business and promote Snyk's product offerings across the region. Previously, Lawrence held senior positions at Elastic and Pivotal Software as head of solutions architecture and field CTO. His experience spans open source software, distributed systems, and securing modern cloud native application environments.

Area of Expertise

  • Information & Communications Technology

Topics

  • supply chain security
  • DevOpsCulture
  • Supply chain and CI/CD security
  • GenAI
  • AppSec
  • Secure SDLC
  • Cloud Native & Kubernetes

The Dark Side of Open Source: Mitigating Supply Chain Threats

Open source software has revolutionised the way we build and deploy software, but it's not all sunshine and rainbows. The widespread adoption of open source components has introduced a dark side - hidden risks and threats that lurk in our supply chains. From vulnerable libraries to malicious code injections, the risks are real and growing.

In this talk, we'll explore the underbelly of open source and expose the threats that lie within. We'll delve into:
- The most common vulnerabilities and weaknesses in open source components
- How attackers exploit these weaknesses to compromise our systems
- Example attacks in software supply chains using open source
- The role of supply chain attacks and sabotage in open source projects
- Strategies for mitigating these risks, from code audits to software bills of materials
- Best practices for responsible open source usage and contribution

Secure Code, Safe Future: Mastering Security in Critical Software Development

You do your best to build a quality product and ensure testability and maintainable code. However, code security issues require a different domain of expertise, and your last vulnerable line of code is your first security regret. Maybe you have heard about the OWASP Top 10, and just maybe you can spot an SQL injection, but how do you scale and prioritize code security across your tech stack and your development team? How do you ship secure operational technology (OT) software for critical infrastructure? This task becomes even more difficult when you also have to balance false positive alerts, struggle to find vulnerable C++ libraries statically compiled into your runtime, and bridge the growing security knowledge gap that results in developers writing insecure code. Tune in to learn about secure coding practices and techniques for producing high-quality, secure software. Your takeaways from this session will be lessons from practical real-world vulnerable code, secure dependency upgrade policies, leveraging SBOMs for vulnerability and package signals, and hands-on hacking demos. This session offers actionable strategies and real-world applications to help you safeguard your critical software projects.
