Securing the chains: Building defensive layers for software supply chains

Nullcon Goa 2025 · Main Stage

In an era defined by interconnected software components, the security of the software supply chain has become a paramount concern for organizations worldwide. This Nullcon talk, "Securing the chains: Building defensive layers for software supply chains," delivered by Yadu Krishna, a Security Engineer at GED, delves into the complexities of establishing robust defenses against the escalating threat of supply chain attacks. Krishna shares insights from his team's journey in developing an open-source solution, **Supply Shield**, designed to provide comprehensive visibility, actionable intelligence, and scalable security measures for modern software development environments.

AI review

Competent practitioner talk about real problems solved with real tooling — Supply Shield's layered approach to SBOM enrichment, ownership segregation via layer hashes, and transitive dependency tracing via CDXgen is genuinely useful engineering. Nothing here is novel to the field, but it's honest work that a mid-sized org's AppSec team could actually apply.