11-22, 15:15–16:00 (Europe/Vienna), Main Room
Open source software powers the modern internet, but its supply chain is increasingly under siege. Recent npm incidents, including the Shai-Hulud worm, show how quickly malicious code can spread through ecosystems that developers implicitly trust. This talk covers the latest attacks, key lessons from the trenches, and practical strategies every developer, security engineer, and maintainer can adopt today.
The open source supply chain is both our greatest strength and our weakest link. In the past year, npm has faced a series of high-impact malware campaigns, culminating in Shai-Hulud, a self-propagating worm that abused the trust placed in published packages to spread at scale. This session provides a deep dive into how these attacks unfold, why traditional defenses often fail, and which actionable steps teams can take to secure their dependencies. Attendees will leave with a clear understanding of current threat trends, detection techniques, and a practical roadmap for hardening their own pipelines: package validation, runtime safeguards, and incident response planning.
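As a concrete illustration of the "package validation" step mentioned above, here is an added example (written for this page, not code from the talk or its speaker) of two pre-install checks a CI job can run over an npm dependency tree: flagging dependencies that declare install-time lifecycle scripts, which is where a malicious package gets code execution during `npm install`, and flagging lockfile entries that are not pinned to a trusted-registry tarball with an integrity hash. The package names, the `TRUSTED_REGISTRY` constant, and the sample manifests and lockfile are all constructed for the example.

```javascript
"use strict";

// Lifecycle hooks npm runs automatically when installing a dependency
// fetched from the registry. Any of these gives the package code execution
// on the developer or CI machine before the project's own code runs.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Registry a lockfile entry is expected to resolve to (assumption for this check;
// adjust for a private mirror).
const TRUSTED_REGISTRY = "https://registry.npmjs.org/";

// Check 1: which dependencies declare scripts that run at install time?
// `manifests` maps a package path (as under node_modules) to its parsed package.json.
function findInstallScripts(manifests) {
  const findings = [];
  for (const [path, pkg] of Object.entries(manifests)) {
    const scripts = (pkg && pkg.scripts) || {};
    for (const hook of INSTALL_HOOKS) {
      if (typeof scripts[hook] === "string" && scripts[hook].trim() !== "") {
        findings.push({ path, name: pkg.name, hook, command: scripts[hook] });
      }
    }
  }
  return findings;
}

// Check 2: which lockfile entries are not pinned to a trusted-registry tarball
// with an integrity hash? `lock` is a parsed package-lock.json with a top-level
// "packages" map (lockfileVersion 2 or 3). Root project and workspace links are skipped.
function findUnpinnedLockEntries(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries((lock && lock.packages) || {})) {
    if (path === "" || entry.link) continue;
    const reasons = [];
    if (!entry.resolved) reasons.push("no resolved URL");
    else if (!entry.resolved.startsWith(TRUSTED_REGISTRY)) reasons.push("resolved outside trusted registry");
    if (!entry.integrity) reasons.push("no integrity hash");
    if (reasons.length > 0) findings.push({ path, version: entry.version, reasons });
  }
  return findings;
}

function runChecks(manifests, lock) {
  return {
    installScripts: findInstallScripts(manifests),
    unpinned: findUnpinnedLockEntries(lock),
  };
}

// Constructed sample input (hypothetical package names, not real packages).
const SAMPLE_MANIFESTS = {
  "node_modules/left-pad-clone": {
    name: "left-pad-clone", version: "1.0.0", scripts: { test: "node test.js" },
  },
  "node_modules/suspicious-lib": {
    name: "suspicious-lib", version: "2.3.1", scripts: { postinstall: "node bundle.js" },
  },
};

const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.0.1" },
    "node_modules/left-pad-clone": {
      version: "1.0.0",
      resolved: "https://registry.npmjs.org/left-pad-clone/-/left-pad-clone-1.0.0.tgz",
      integrity: "sha512-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==", // constructed placeholder
    },
    "node_modules/suspicious-lib": { // missing integrity: npm cannot verify the tarball
      version: "2.3.1",
      resolved: "https://registry.npmjs.org/suspicious-lib/-/suspicious-lib-2.3.1.tgz",
    },
    "node_modules/internal-tool": { // git dependency: not from the registry, no hash
      version: "0.1.0",
      resolved: "git+ssh://git@example.invalid/org/internal-tool.git#abc123",
    },
    "packages/shared": { link: true, resolved: "packages/shared" }, // workspace link, skipped
  },
};

const REPORT = runChecks(SAMPLE_MANIFESTS, SAMPLE_LOCK);
console.log(JSON.stringify(REPORT, null, 2));
```

Run as a CI gate, a non-empty report fails the build and hands the findings to a human; the install-script list in particular is short enough in most projects to review by hand. The runtime-side companion to this check is installing with `npm ci --ignore-scripts` so that no dependency executes code during installation at all.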
Main Track (approx. 200 people)
Security researcher, long-time developer, and AppSec engineer with a focus on web security, supply chain, and AI. Passionate about IoT, electronics, and RF security.