Secure Your Software Supply Chain: The Three Things Each Developer Should Know

The cost of cybercrime is increasing at a staggering rate, poised to almost equal US GDP by 2027. Cybercrime syndicates are becoming increasingly professional, running elaborate scams to get your data and money. These days, their tool of choice is the software supply chain attack:
- around 61% of US firms were affected by a supply chain attack
- supply chain attacks had 40% more victims than malware in 2022
- supply chain attacks will impact 45% of global companies

In this presentation, we will look at what we can do now to make sure we do not become part of those statistics.

First, we will look at the threat landscape and understand why the traditional perimeter "moat" could not protect us from Log4Shell, Spring4Shell, or similar threats, and how the invasion of Ukraine changed that landscape.

In the second part, we will turn to the practical side: what makes a security scanner effective, and what to look for when building a DevSecOps toolchain.

In the last section, we will zoom in on the software supply chain regulation trends that will make the future brighter, safer, and more transparent:

- SBOM: transparency for both our dependencies and our dependents, not only for software but also for Gen AI models
- Reproducible Builds: the mechanism for double-checking the builds we use, giving us certainty that what we want is what we get even when we download binaries
- Sigstore: the new development in signing builds, bringing more accountability for the code we are given
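As an added illustration of the SBOM and reproducible-builds points above (example code written for this page, not code from the talk or from Sonatype): a small Python check that reads the per-component hashes out of an SBOM and compares them with the SHA-256 of the artifacts we actually downloaded or rebuilt ourselves. The SBOM layout (CycloneDX-style field names), the component names and the artifact bytes are all constructed for the example; the abstract itself names no SBOM format.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an artifact's bytes as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


# Constructed artifact bytes standing in for the binaries we downloaded or
# rebuilt ourselves (assumption: in practice these are read from disk).
# "libbaz" deliberately differs from what the SBOM recorded, to show a mismatch.
ARTIFACTS = {
    "libfoo@1.3.0": b"libfoo 1.3.0 build output",
    "libbar@2.17.1": b"libbar 2.17.1 build output",
    "libbaz@5.3.20": b"libbaz 5.3.20 build output TAMPERED",
}

# Constructed SBOM document. Field names follow the CycloneDX 1.x JSON layout
# (an assumption; the page names no SBOM format). The recorded hashes are the
# SHA-256 of the bytes the producer built, computed here to keep the sample
# self-consistent. "libqux" has no hash recorded at all.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "libfoo", "version": "1.3.0",
         "hashes": [{"alg": "SHA-256",
                     "content": sha256_hex(b"libfoo 1.3.0 build output")}]},
        {"type": "library", "name": "libbar", "version": "2.17.1",
         "hashes": [{"alg": "SHA-256",
                     "content": sha256_hex(b"libbar 2.17.1 build output")}]},
        {"type": "library", "name": "libbaz", "version": "5.3.20",
         "hashes": [{"alg": "SHA-256",
                     "content": sha256_hex(b"libbaz 5.3.20 build output")}]},
        {"type": "library", "name": "libqux", "version": "1.10.0"},
    ],
})


def load_components(sbom_json: str) -> list:
    """Return the component list of an SBOM document ([] if none)."""
    return json.loads(sbom_json).get("components", [])


def verify_components(sbom_json: str, artifacts: dict) -> dict:
    """Compare each SBOM component's recorded SHA-256 with the artifact we hold.

    Returns {"name@version": status} where status is one of:
      "ok"               hash matches the artifact we have
      "mismatch"         artifact differs from what the SBOM recorded
      "missing-artifact" SBOM lists a component we do not have
      "no-hash"          SBOM gives no SHA-256, so nothing can be checked
    """
    results = {}
    for comp in load_components(sbom_json):
        key = f"{comp['name']}@{comp['version']}"
        expected = next((h["content"].lower() for h in comp.get("hashes", [])
                         if h.get("alg") == "SHA-256"), None)
        if expected is None:
            results[key] = "no-hash"
        elif key not in artifacts:
            results[key] = "missing-artifact"
        elif sha256_hex(artifacts[key]) == expected:
            results[key] = "ok"
        else:
            results[key] = "mismatch"
    return results


def all_verified(results: dict) -> bool:
    """True only when every component checked out; anything else is a finding."""
    return bool(results) and all(status == "ok" for status in results.values())


if __name__ == "__main__":
    report = verify_components(SAMPLE_SBOM, ARTIFACTS)
    for key, status in report.items():
        print(f"{key:20} {status}")
    print("all verified:", all_verified(report))
```

The useful part for a defender is that every outcome other than "ok" is a finding: a mismatch means the binary in hand is not what the SBOM producer built, a missing hash means the SBOM is not detailed enough to support the reproducible-build check, and a missing artifact means the inventory and the deployment have drifted apart.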

Everything will be made practical with real-world examples and demonstrations of state-of-the-art tooling.

Steve Poole

Director Developer Advocacy, Sonatype

London, United Kingdom
