How Dependency Confusion Threatens the Software Supply Chain
Speakers: Matt Austin, Pauline Logan, Patrick Spencer
New open-source dependency confusion vulnerability poses serious risk if not detected and remediated.
Discover how a new dependency confusion vulnerability can wreak havoc and create widespread risk across the software supply chain. Unlike traditional typosquatting attacks, dependency confusion offers bad actors a vector that requires no action by the victim.
This moderated webinar session covered:
- How the dependency confusion vulnerability was found and what software is at risk
- How dependency confusion attacks could stealthily manipulate application source code, as happened with the SolarWinds Orion attack
- What this means in terms of risk exposure for the software supply chain
- How Contrast developed a capability within Contrast OSS to detect dependency confusion vulnerabilities