ConfPad

Front-end developers have grown accustomed to protecting themselves from attackers seeking to exploit vectors such as cross-site scripting and malicious input, but the prevalence of reusable micro-libraries in the Node.js ecosystem makes JavaScript developers particularly susceptible to software supply chain attacks.In this session Mitch will share his perspective on helping to protect Microsoft and its customers from these supply chain attacks and what it is like being the vendor of an artifact management service which often plays the middleman between target and victim.Learn how Microsoft tackles the problem of securely taking dependencies on open source software and what problems scanning tools can and can’t solve and thoughts on how we as an industry could start to tackle the problem for 0-day malicious packages.