Hidden Risks In Open-Source Code And AI Models - Tal Folkman

OWASP London

"Hidden Risks In Open-Source Code And AI Models" - Tal Folkman
Through our efforts in tracking and combatting attackers in open source software supply chains, my team has gained valuable insights and lessons. In this presentation, we aim to provide attendees with a new perspective and tools for evaluating the trustworthiness of open source packages and AI models before using them in their own projects. This talk is for anyone who uses open source in their daily work. The goal is to raise awareness about the risks of software supply chain attackers hiding in open source code, and to demonstrate how easy it is for attackers to launch attacks. Attendees will learn about tools for detecting when they are being tricked and how to stay alert to potential threats.
SPEAKER BIO:
Tal Folkman is a security research team lead and accomplished expert in cybersecurity with over 8 years of experience in the field. Tal possesses exceptional skills in detecting and analyzing malicious code present in open-source software supply chains. In 2021, Tal joined Dustico, a software supply chain security startup that was later acquired by Checkmarx. Prior to this, she served for 5 years as both member and leader of IDF's Cybersecurity Red Team. Currently, Tal and her team are dedicated to identifying and combating software supply chain attackers, thereby ensuring the safety and security of the ecosystem.
----
This talk was presented at the @OWASPLondon Meetup on April 18th, 2024, kindly hosted by @thoughtmachine903 and sponsored by @CheckmarxOfficial.
--
Do you want to attend OWASP London meetups in person? Follow OWASPLondon on LinkedIn/Meetup/EventBrite/Facebook/Twitter.
#OWASP #OWASPLondon #SBOM #AppSec
