Every day developers rely on Open Source Software to deliver value and add functionality in their projects. While these Open Source projects are essential to any mature software, have we taken a step back an analysed whether the code it safe? Is this trust misplaced?

This talk will go through ways we can bring the trust back and give developers the confidence to add these packages in their projects. We will look at how malicious code can be added to these packages, what actions can be taken to prevent such packages from being added to our source code, and finally what steps need to be taken if a vulnerable package is found in our source code.