At the turn of the millennium IT organisations had about 60 days to fix software vulnerabilities. Fast forward to 2022 and, well, it’s not good. Zero day vulnerabilities have come and gone. The world now has to learn how to deal with widespread exploitation happening before a fix is available.
In this session we’ll look at Cybercrime and its bigger more dangerous cousin: Cyber-warfare. We'll explore the drivers behind the radical shift, the software arsenal available and how and why developers are both target and unwitting helpers. A dip into Log4Shell and SpringShell will help us understand the basics of how we make software vulnerable and maybe, what we can do to reduce the risks.
No previous experience necessary!
Objective of the presentation:
It's imperative that all developers understand the new battlefield of cyber attacks and how previous assumptions about why and how bad guys attack have to be thrown out the window.
This talk aims to provide insights into the new hows, the new whys and, most importantly, the new realities of attack. Why it's all about supply chains and why everyone is part of a supply chain. Why and how open source projects are being compromised, Why millions of developers are making poor choices and helping the bad guys unknowingly.
Attendee pre-requisites - If none, enter "N/A":
N/A
