OSC&R - Open Software Supply Chain Attack Reference

Slides: https://static.sched.com/hosted_files/owasp2023globalappsecwashin/e2/OSC%26R%20OWASP%20Final.pptx.pdf

The past decade the software development lifecycle evolved dramatically with the wide adoption of DevOps culture, cloud-first strategy and the surge of SaaS business application and the ever-growing use of open source code. This served as a ground to the current emerging attack vector - the software supply chain. The attackers goals did not change they are still attempting to stealing data and infecting machines. The attacker tactics may be utilizing common attack techniques such as exploiting vulnerabilities …

adoption application attack attackers attack vector business change cloud code culture current development devops emerging goals lifecycle open source saas software software development software supply chain source code strategy supply supply chain