Improving software supply chain security. A webinar by David Eyers, Tim White and Jens Dietrich *ONLINE*

Date(s) - Tue 23 April


This webinar will discuss some ongoing work to improve the security of software supply chains. This topic has attracted increasing attention after several cybersecurity incidents exploiting vulnerabilities in open source components and services, leading to a political response that is changing the software industry.

Venue: Zoom

David Eyers: Professor, University of Otago

Tim White: Research Engineer, Veracity
Detecting Vulnerable Software Components
After incidents such as the Equifax data breach and the critical Log4Shell security flaw, many tools (Dependabot, Snyk, OWASP Dependency-Check, npm audit, etc.) have emerged to detect vulnerabilities in software components. But how accurate are they, and can we do better?

Jens Dietrich: Associate Professor, Victoria University of Wellington
Verifying Program Binaries
Attacks like the SolarWinds supply chain break-in have demonstrated the importance of protecting the infrastructure used to build software. We will talk about some of the challenges this poses, and sketch a solution.

Each 15 min presentation will be followed by a 5 min Q&A. Open facilitated discussion will follow the presentations.