Barbarians at the Gate: Visualizing and Blocking SDLC Infrastructure Threats with SITF

S Berkovich

fwd:cloudsec North America 2026 · Day 1

In this compelling talk at fwd:cloudsec, Shay Berkovich from Google (formerly of the WH Threat Research Group) introduced the **SDLC Infrastructure Threat Framework (SITF)**, a novel approach to understanding, visualizing, and defending against the escalating wave of attacks targeting the Software Development Life Cycle (SDLC). Berkovich highlighted a stark reality: more SDLC infrastructure has been compromised in the past 18 months than in the preceding decade combined. This alarming trend, fueled by the ease of AI-assisted payload development and the increasing sophistication of threat actors, demands a fundamental shift in defensive strategies.

AI review

Berkovich brings a well-scoped, original framework to a problem space that has mostly been addressed with vibes and vendor decks. SITF is grounded in real incident data, ships working tooling, and names a genuine blind spot — the producer-side bias in supply chain security — that most of the field is still glossing over. Not a five because the framework is early, the AI integration is more prototype than production, and the 81-technique library is thin compared to what a mature MITRE-style taxonomy would require.
