Open source software has revolutionised the way we build and deploy software, but it's not all sunshine and rainbows. The widespread adoption of open source components has introduced a dark side - hidden risks and threats that lurk in our supply chains. From vulnerable libraries to malicious code injections, the risks are real and growing.

In this talk, we'll explore the underbelly of open source and expose the threats that lie within. We'll delve into:
- The most common vulnerabilities and weaknesses in open source components
- How attackers exploit these weaknesses to compromise our systems
- Example attacks in software supply chains using open source
- The role of supply chain attacks and sabotage in open source projects
- Strategies for mitigating these risks, from code audits to software bills of materials
- Best practices for responsible open source usage and contribution