Session

.NET supply chain: Protecting against hidden threats

Modern software relies heavily on third-party components like open-source libraries and NuGet packages, which can introduce security risks. If you're not carefully managing these dependencies, you could expose your application to vulnerabilities or even malicious code—just like what happened with Log4J.

In this session, we'll cover best practices for securing your .NET projects, including using tools like Trivy and NuGet’s security features to scan and monitor dependencies. We’ll also discuss supply chain observability—how to track vulnerabilities and ensure the integrity of your components.

Beyond tools, we'll touch on team policies for approving third-party libraries, setting security gates in CI/CD pipelines, and fostering a security-first mindset in your organization. Live demos will show practical steps you can implement right away to protect your applications.

Tom van den Berg

Lead Developer | Tech Lead in .NET & Microsoft Azure

Gorinchem, The Netherlands

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top