DevSecCon: Strengthening the Software Supply Chain and Open Source Projects
Written by: Ulises Gascón
Mar 27, 2025 — 2 min read
Ready to build secure projects and strengthen your understanding of the Software Supply Chain? Join us for an exciting DevSecCon Community Call live session featuring a panel of seasoned experts, trainers, and renowned public speakers—some of whom are core maintainers of Node.js, one of the most iconic open-source projects in the world!
This interactive event is designed to help you dive deep into the world of software supply chain security. Bring your questions and engage directly with our experts in real time.
What we'll cover:
- 🔗 Understanding the Software Supply Chain: Explore its components, from open-source libraries to Docker images and common Infrastructure-as-Code (IaC) configurations.
- ⚡ Why Security Matters: Learn how vulnerabilities are exploited through real-world examples and the risks involved.
- 🛠️ Effective Security Strategies: Discover essential processes, tools, and cultural shifts for securing your supply chain.
- 📜 SBOM (Software Bill of Materials): Debate its necessity, challenges, and insights from OpenJS analyses.
- ✅ Choosing Third-Party Components: Tips for making secure, informed decisions.
- 🔒 Maintaining Secure OSS Projects: Best practices for safeguarding your projects, with a behind-the-scenes look at Node.js security.
- 🤖 The Role of AI in Security: Uncover AI-generated threats and how AI can help prioritize secure projects and dependencies.
Whether you’re a developer, an open-source maintainer, or a cybersecurity enthusiast, this session is packed with actionable insights and expert advice. Don’t miss out on the chance to engage, learn, and elevate your security posture!