Open Source Malware or a Vulnerability?... Brian Fox, Madelein van der Hout & Santiago Torres-Arias
Brian Fox, Madelein van der Hout, Santiago Torres-Arias
KubeCon + CloudNativeCon Europe 2025 · Session
In this KubeCon EU panel, Brian Fox, Madelein van der Hout, and Santiago Torres-Arias examine how software supply chain threats have changed, and they open by separating two things that are routinely lumped together: **software supply chain vulnerabilities**, meaning unintentional bugs in legitimate components, such as Log4j's Log4Shell flaw, and **software supply chain attacks**, meaning deliberate compromise or malicious code, as in the SolarWinds breach or the attempted XZ Utils backdoor. The distinction matters for mitigation because the two are found differently: a vulnerability is a known flaw in a known version of a trusted package and can be matched against an advisory, whereas a malicious package was hostile from the moment it was published and matches no advisory at all. The panel's argument is that treating every supply chain incident as the same kind of problem produces defences that address only one of the two.
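To make the distinction concrete, here is an added illustration (not code from the panel or from any of the speakers' projects) of the two kinds of check the abstract implies. The first is a version lookup against an advisory table, which is how an accidental bug in a legitimate package is found; the second is a behavioural heuristic over npm lifecycle scripts, the sort of signal malware detection needs because a freshly published malicious package has no advisory to match. Package names, the advisory identifier `HYPO-2025-0001`, the lockfile and the install script are all constructed for this example.

```python
"""Added example: advisory lookup vs. install-script behaviour check.

Everything below (package names, the HYPO-* advisory id, the lockfile and
the postinstall payload) is constructed for illustration.
"""
from __future__ import annotations

import base64
import re
from dataclasses import dataclass

# Constructed advisory table: (package, version) -> advisory. Hypothetical id.
ADVISORIES = {
    ("fast-xml-thing", "2.1.0"): "HYPO-2025-0001 (parser bug, unintentional)",
}

# Hooks that npm runs automatically during `npm install`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")

# Behavioural indicators in an install script: executing code from a string,
# decoding embedded blobs, spawning processes, reaching out to the network.
INDICATORS = {
    "eval-from-string": re.compile(r"\beval\s*\(|new\s+Function\s*\("),
    "base64-decode": re.compile(r"base64|atob\s*\("),
    "process-spawn": re.compile(r"child_process|\bexec\s*\(|spawn\s*\("),
    "network-fetch": re.compile(r"\bcurl\b|\bwget\b|https?://"),
}
BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # long base64-looking token


@dataclass(frozen=True)
class Finding:
    package: str
    kind: str  # "vulnerability" or "malware-indicator"
    detail: str


def check_vulnerabilities(lockfile: dict) -> list[Finding]:
    """Known-bug lookup: the package is legitimate, one version has a flaw."""
    out = []
    for name, meta in lockfile.get("packages", {}).items():
        key = (name, meta.get("version", ""))
        if key in ADVISORIES:
            out.append(Finding(name, "vulnerability", ADVISORIES[key]))
    return out


def check_install_scripts(name: str, package_json: dict) -> list[Finding]:
    """Behavioural check: does the package act at install time in ways a
    library has no business acting? No advisory is needed to flag this."""
    out = []
    scripts = package_json.get("scripts", {})
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        hits = [label for label, rx in INDICATORS.items() if rx.search(cmd)]
        if BLOB.search(cmd):
            hits.append("embedded-blob")
        if hits:
            out.append(Finding(name, "malware-indicator",
                               f"{hook}: {', '.join(hits)}"))
    return out


# --- constructed sample inputs ------------------------------------------
SAMPLE_LOCKFILE = {
    "packages": {
        "fast-xml-thing": {"version": "2.1.0"},  # legitimate, vulnerable
        "colorz-util": {"version": "1.0.4"},     # no advisory, but malicious
    }
}
# Harmless stand-in payload; a real dropper would hide fetch-and-execute here.
_PAYLOAD = base64.b64encode(
    b"console.log('hello from postinstall, nothing to see')").decode()
SAMPLE_MALICIOUS_PKG = {
    "name": "colorz-util",
    "version": "1.0.4",
    "scripts": {
        "postinstall":
            f"node -e \"eval(Buffer.from('{_PAYLOAD}','base64').toString())\"",
    },
}
SAMPLE_BENIGN_PKG = {
    "name": "fast-xml-thing", "version": "2.1.0", "scripts": {"test": "jest"},
}


def scan() -> list[Finding]:
    """Run both checks over the constructed inputs; returns two findings,
    one of each kind. Neither check alone would have caught both."""
    findings = check_vulnerabilities(SAMPLE_LOCKFILE)
    findings += check_install_scripts("colorz-util", SAMPLE_MALICIOUS_PKG)
    findings += check_install_scripts("fast-xml-thing", SAMPLE_BENIGN_PKG)
    return findings


if __name__ == "__main__":
    for f in scan():
        print(f"[{f.kind}] {f.package}: {f.detail}")
```

The point of running both is visible in the output: the advisory lookup says nothing about `colorz-util` because nothing was ever published about it, and the behavioural check says nothing about `fast-xml-thing` because a parser bug does not change how the package installs. A regex heuristic like this is deliberately crude; real behavioural detection typically executes the install in a sandbox and watches for the same categories of activity rather than pattern-matching the script text.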
AI review
This panel cuts through the noise to deliver a brutally honest assessment of the software supply chain. It meticulously dissects the critical distinction between accidental vulnerabilities and intentional, industrial-scale open-source malware. With hard data on the explosion of malicious packages, concrete examples of novel attack vectors, and a deep dive into effective behavioral detection, this session provides actionable intelligence that every developer, CISO, and security professional needs to internalize. It's a much-needed, no-bullshit look at a threat that traditional security tools…