Preventing Supply Chain Exploitation: Codecov attacks

Recorded May 19, 2021

As software development cycles become more complex and more developers use third-party tools, potential vulnerabilities in the supply chain increase. When attackers target software providers and code repositories, the compromise can go unnoticed for months, opening opportunities for lateral movement and privilege escalation. Security is only as strong as the weakest link in the chain—due diligence and securing development pipelines are needed to manage this growing risk.

Jordan LaRose (Lead Incident Responder at F-Secure) and Jon Boyens (Deputy Chief, Computer Security Division at NIST) discuss how to prevent and mitigate supply chain attacks in this podcast hosted by Global Resilience Federation (GRF).

Listen to the podcast and gain insight into:

  • The knock-on effects of supply chain exploitation
  • How to secure development pipelines
  • The Codecov attacks
  • How to prevent, detect and mitigate supply chain incidents
