Conf42: DevSecOps 2022

- premiere 5PM GMT

...

Oops, there's somebody in my package manager!

Thomas Chauchefoin
Vulnerability Researcher @ SonarSource

Thomas Chauchefoin's LinkedIn account Thomas Chauchefoin's twitter account

Paul Gerste
Vulnerability Researcher @ SonarSource

Paul Gerste's LinkedIn account Paul Gerste's twitter account


What is your worst supply chain nightmare, and why is it somebody breaking into the backend of a popular package manager? Let’s explore how we got our hands on the servers behind the PHP package managers Composer and PEAR, and how we should rethink our approach to supply chain security.

Awesome conferences for

Priority access to all content

Community Discord

Exclusive promotions and giveaways