During this presentation we will look at the current state of software supply chain security. We will try to understand what SSC is using a very simple metaphor to help envision the most concrete risks. We will cover a range of topics, including common vulnerabilities, attack vectors, mitigation strategies, security tools and frameworks, and best practices. In addition and most importantly we will discuss the role of OpenSSF, a collaborative initiative that aims to improve the security of open source software through advocacy, best practices, and tools.

By the end of this talk, you will have a clearer understanding of the current state of software supply chain security and how we can concretely improve our practices.