Beyond Trust: Building Community-Driven Security Analysis for Your .NET Software Supply Chain - Niels Tanis
This talk was recorded at NDC Security in Oslo, Norway. #ndcsecurity #ndcconferences #security #developer #softwaredeveloper
In today's development, approximately 80% of our software deployments consist of code written by someone else. Using existing libraries and packages is essential for productivity and avoiding reinventing the wheel, but this dependency on third-party code introduces security risks that can be hard to address in a good way.
The first part of this talk will focus on the challenges of securing our software supply chain, particularly on NuGet package security and the hidden threats lurking within all of the dependencies we use. We'll examine how traditional approaches fall short when it comes to identifying planted malware, risky APIs, and other security vulnerabilities embedded deep within the packages we trust.
While tools like the OpenSSF Security Scorecard provide valuable metrics, they only scratch the surface of what's needed for comprehensive supply chain security. What if we could go deeper? What if we had detailed analysis of NuGet package contents and automated detection of risky API usage?
Join me as I introduce Fennec Labs, a community-focused OSS project designed to help