A Java Developer’s Guide to Supply Chain Security - OCX 2024

Eclipse Foundation, published 2024-11-15. Video: https://www.youtube.com/watch?v=gdaxGQLC5WY

As software supply chain attacks and vulnerabilities become more prevalent, and regulators start requiring more rigorous development processes for both open source and proprietary software, it is more important than ever to understand how secure software should be written and distributed. In this talk, we'll explain what software supply chain security is and review some recent incidents that illustrate why a secure software supply chain matters. We'll cover key concepts such as producing a software bill of materials (SBOM), automated and reproducible builds, and provenance attestations. We'll review the supply chain security recommendations from open source foundations and government agencies. We'll see how open source tools like Dependabot enable companies to keep their software secure long after it's been published, and what developers need to do to prevent their software supply chain from becoming insecure. Finally, we'll mention tools and processes that Java developers can use to produce secure software, and tie all the concepts discussed back to concrete, Java-specific actions. After attending this talk, audience members will know what steps are required to create a secure Java project, and will be able to upgrade the security of an existing Java project that is not yet following best practices.