Session

Free, but at What Cost? OSS in the Age of Supply Chain Attacks

Open source software underpins modern technology, enabling rapid innovation through reuse and collaboration. But this model relies on a fragile trust chain: today’s applications depend on vast networks of third-party packages, often maintained by a handful of individuals.

In 2026, multiple high-profile attacks on open source ecosystems—especially within npm—exposed how easily this trust can be exploited. Small compromises in widely used dependencies cascaded into large-scale supply chain incidents.

This session examines how these attacks work: how adversaries leverage dependency networks, maintainer access, and package distribution to spread malicious code. We’ll focus on real-world cases to uncover why these attacks are effective and hard to detect.

Finally, we’ll discuss practical strategies to reduce risk, including better dependency management and the emerging role of AI-assisted tools in both attacking and defending the open source supply chain.

Antonio Pedro

Software Engineer @ Devexperts | Open-source Contributor

Porto, Portugal

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top