Conf42: DevSecOps 2022

Subscribe to watch Watch this talk Watch Premiere
...

Oops, there's somebody in my package manager!

Thomas Chauchefoin
Vulnerability Researcher @ SonarSource

Thomas Chauchefoin's LinkedIn account Thomas Chauchefoin's twitter account

Paul Gerste
Vulnerability Researcher @ SonarSource

Paul Gerste's LinkedIn account Paul Gerste's twitter account



What is your worst supply chain nightmare, and why is it somebody breaking into the backend of a popular package manager? Let’s explore how we got our hands on the servers behind the PHP package managers Composer and PEAR, and how we should rethink our approach to supply chain security.

Download slides (PDF)
See all 46 talks at this event!

Awesome tech events for

Priority access to all content

Community Discord

Exclusive promotions and giveaways

Terms and Conditions & Code of Conduct