BSides Birmingham 2023

Securing and Managing the Open-Source Supply Chain
2023-10-28 , Ballroom D

There's no denying that we'll continue to face supply chain breaches like those at SolarWinds and Kaseya, and vulnerabilities in widely used open-source components like Log4j, Apache Struts, and OpenSSL. Software supply chain threats are now an established part of the tech landscape, encompassing both deliberate attacks and accidental defects. The real question is how IT leaders can stay ahead of these threats. How can CIOs empower their development teams without inadvertently introducing new security flaws? How can they fix critical code issues in systems the organization might not even know it has, while keeping security and productivity in balance?


In this presentation, we will discuss:
Real-world supply chain attacks, from a penetration tester's perspective
How to take stock of the many open-source components in your code
What a software bill of materials can and can’t do
What tools can help identify vulnerabilities and integrate into development workflows
Where automation can help
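To make the second, third and fourth points concrete, here is an added example (not code from the talk, from SecurIT360 or from any tool named above) of the check most teams automate first: reading a CycloneDX-style SBOM and matching each component's package URL and version against an advisory table. The SBOM fragment and the "vendor-blob" component are constructed for this example; the advisory table is a hand-built stand-in for what a feed such as OSV, GHSA or NVD returns, with version ranges abbreviated from the public advisories for the three CVEs it names. The `unknown-version` result is the point about what an SBOM can't do: it can only vouch for what was recorded at build time, and a component with no version (or one that never made it into the inventory) cannot be assessed from the SBOM alone.

```python
"""SBOM-driven vulnerability check: CycloneDX JSON components vs. an advisory table."""
import json
import re

# Constructed CycloneDX 1.4 JSON fragment (not any real project's SBOM).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "name": "struts2-core", "version": "2.5.10",
         "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.10"},
        {"type": "library", "name": "openssl", "version": "3.0.7",
         "purl": "pkg:generic/openssl@3.0.7"},
        # Constructed vendored blob with no version recorded: the SBOM can say it
        # exists, but cannot say whether it is vulnerable.
        {"type": "library", "name": "vendor-blob", "purl": "pkg:generic/vendor-blob"},
    ],
})

# Hand-built advisory table keyed by version-less purl: (id, introduced, fixed).
# Ranges abbreviated from the public advisories; a real feed would be queried instead.
ADVISORIES = {
    "pkg:maven/org.apache.logging.log4j/log4j-core": [
        ("CVE-2021-44228", "2.0", "2.15.0"),
    ],
    "pkg:maven/org.apache.struts/struts2-core": [
        ("CVE-2017-5638", "2.3.5", "2.3.32"),
        ("CVE-2017-5638", "2.5.0", "2.5.10.1"),
    ],
    "pkg:generic/openssl": [
        ("CVE-2022-3602", "3.0.0", "3.0.7"),
    ],
}


def version_key(version: str) -> tuple:
    """Numeric-segment key: '2.5.10.1' -> (2, 5, 10, 1). Trailing zeros are dropped so
    '2.5.0' compares equal to '2.5'. Pre-release suffixes such as '-beta9' are ignored,
    which errs toward treating a pre-release like its final release."""
    nums = [int(n) for n in re.findall(r"\d+", version)]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)


def purl_key(purl: str) -> str:
    """Strip version, qualifiers and subpath: 'pkg:a/b@1.0?x=y#z' -> 'pkg:a/b'."""
    return re.split(r"[@?#]", purl, maxsplit=1)[0]


def match_advisories(key: str, version: str, advisories=ADVISORIES) -> list:
    """Advisory ids whose half-open range [introduced, fixed) covers this version."""
    v = version_key(version)
    hits = []
    for adv_id, introduced, fixed in advisories.get(key, []):
        in_range = version_key(introduced) <= v and (fixed is None or v < version_key(fixed))
        if in_range and adv_id not in hits:
            hits.append(adv_id)
    return hits


def audit_sbom(sbom_json: str, advisories=ADVISORIES) -> list:
    """One finding per component: status 'vulnerable', 'clean' or 'unknown-version'.
    Anything absent from the SBOM is invisible to this check; that blind spot is the
    main limit of an inventory-driven audit."""
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        key = purl_key(comp["purl"]) if comp.get("purl") else comp.get("name", "")
        version = comp.get("version")
        if not version:
            findings.append({"component": key, "version": None,
                             "status": "unknown-version", "advisories": []})
            continue
        hits = match_advisories(key, version, advisories)
        findings.append({"component": key, "version": version,
                         "status": "vulnerable" if hits else "clean",
                         "advisories": hits})
    return findings


if __name__ == "__main__":
    for f in audit_sbom(SAMPLE_SBOM):
        print(f"{f['status']:16} {f['component']} {f['version'] or '?'} {' '.join(f['advisories'])}")
```

The half-open range check matters at the boundaries: OpenSSL 3.0.7 is the fixed release, so it comes back clean, while Struts 2.5.10 sits inside the second affected range and is flagged even though it is newer than the first range's fix. In a pipeline the same function would run against an SBOM generated at build time (for example by Syft or cdxgen) and a live advisory feed, and any `unknown-version` result should block the build or open a ticket, since it means the inventory itself is incomplete.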


Talk Categories:

Red, Blue, Technical

Darrius Robinson, CISSP, is a Penetration Tester at SecurIT360 with an eight-year background in information security and information technology. A Birmingham native, his interest in pen testing was sparked when he used Burp Suite to explore the Tesla API and built a web application that let others control his car. His passion extends beyond technology to developing both web applications and people.

Beyond his professional role in pen testing, Darrius also serves as the Red Team Program Director at the non-profit Black in Cyber Security (B.I.C.), where he has built a Red Team Training Program that guides aspiring professionals toward essential certifications and connects them with prospective employers. His dedication to enhancing cybersecurity and fostering the growth of others underscores his commitment to the field.