Session

Securing NuGet's Supply Chain Flow

Software applications are no longer built entirely from custom code. Instead, they are made up of a variety of third-party components, including open-source libraries, frameworks, and modules. Many developers appear to be unaware of the risks inherent in the software supply chain.

If you include software whose origin you don't know, you risk including malicious code in your software. A package can also contain vulnerabilities that could be exploited and used as a backdoor to harm your environment. One of the most famous examples was the discovery of a vulnerability in Log4j.

To mitigate these risks, it is essential to understand and manage the components you use in your software. This session will explore best practices for identifying, assessing, and managing third-party software components to ensure the security and integrity of your applications.

Tom van den Berg

Software consultant

Gorinchem, The Netherlands
