When an ethical hacker announced he had successfully breached the vulnerable software supply chains of 35 technology companies, including Apple, Microsoft and Netflix, it was no surprise to Sonatype.
Prompted by Alex Birsan's research, our research team detected over 300 suspicious packages back in 2020. We added these components to our data, alerted the community, and have been actively protecting customers ever since.
By taking advantage of a novel technique known as 'dependency confusion' (also called 'namespace confusion'), Birsan pushed his research packages downstream, in an automated fashion, into the development environments of multinational technology companies. The trick is simple: a build tool that resolves the name of a private, internal package against the public registry as well as the private one will install a public package of the same name, typically because the public copy carries a higher version number. The method he described is now widely used by other actors, with 1444% growth in similar packages in the week after he published his findings.
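To make the mechanism concrete, here is an added example (not Sonatype's code, and a simplified model rather than any particular package manager's exact resolution algorithm). It simulates highest-version-wins resolution across a private and a public registry over constructed registry contents, then audits which internal names are exposed. The package names, the `@corp` scope and the registry URL in the comments are hypothetical.

```python
# Added example (not Sonatype's code and not any package manager's exact
# algorithm): a simplified model of the resolution behaviour behind
# dependency confusion. A build that consults a private registry AND the
# public registry for the same unscoped name, keeping the highest version,
# installs an attacker's public upload. All registry contents are constructed.

# Constructed sample data: the versions each registry knows for a name.
PRIVATE_REGISTRY = {
    "corp-auth-client": ["1.2.0", "1.3.0"],   # internal-only package
    "corp-billing-utils": ["0.9.1"],          # internal-only, name never claimed publicly
    "@corp/logging": ["2.0.0"],               # scoped name, scope pinned to private registry
    "left-pad": ["1.3.0"],                    # legitimate public package, mirrored privately
}
PUBLIC_REGISTRY = {
    "corp-auth-client": ["99.0.0"],           # attacker-published look-alike with a huge version
    "left-pad": ["1.3.0"],
}
# Scopes the build configuration maps to the private registry only
# (the ".npmrc  @corp:registry=https://npm.corp.example" pattern; hypothetical URL).
PINNED_SCOPES = {"@corp"}


def parse_version(version):
    """Turn '1.2.0' into (1, 2, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def scope_of(name):
    """Return '@corp' for '@corp/logging', None for an unscoped name."""
    return name.split("/", 1)[0] if name.startswith("@") else None


def resolve(name, private, public, pinned_scopes):
    """Pick (version, source) the way a naive highest-version-wins resolver does.

    Candidates come from the private registry and, unless the name's scope is
    pinned to the private registry, from the public registry too. Ties go to
    the private copy; a higher public version beats it, which is the confusion.
    """
    candidates = [(v, "private") for v in private.get(name, [])]
    if scope_of(name) not in pinned_scopes:
        candidates += [(v, "public") for v in public.get(name, [])]
    if not candidates:
        raise LookupError("no registry knows " + name)
    return max(candidates, key=lambda c: (parse_version(c[0]), c[1] == "private"))


def audit(private, public, pinned_scopes):
    """Report, per internal package name, how it is exposed to dependency confusion."""
    findings = {}
    for name in private:
        version, source = resolve(name, private, public, pinned_scopes)
        if source == "public":
            findings[name] = "hijacked: public %s beats every private version" % version
        elif scope_of(name) is None and not public.get(name):
            findings[name] = "unclaimed: public name is free for anyone to register"
    return findings


if __name__ == "__main__":
    for name, problem in sorted(audit(PRIVATE_REGISTRY, PUBLIC_REGISTRY, PINNED_SCOPES).items()):
        print("%-22s %s" % (name, problem))
```

Running the audit reports `corp-auth-client` as hijacked and `corp-billing-utils` as unclaimed, while the scoped `@corp/logging` is untouched because its scope never reaches the public registry. The two findings map to the two usual remediations: register (or reserve) the public name so nobody else can, and route scoped or explicitly listed names to a single registry instead of merging several.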
In this 30-minute webinar, Ax Sharma, Security Researcher and Advocate, Brian Fox, CTO, and Ilkka Turunen, Field CTO, discuss the events that led to the breaches, why this particular method of software supply chain attack is so simple and yet so effective, and what you can do to avoid exposure in the future.
Additional topics covered include:
Ethical hacking: why organizations can pay upwards of $100k a breach
How Sonatype detected and protected
Clear steps on how to avoid future attacks
Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.