In-person
1-4 April 2025

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in British Summer Time (BST) (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Thursday April 3, 2025 16:00 - 16:30 BST
As open source software is increasingly important in modern software development, the security challenges continue to evolve. Vulnerabilities are largely understood, but open source malware poses a uniquely hidden threat. But when does a planted vulnerability transform a package into malware? This talk will discuss and debate the nuances between open source vulnerabilities and malware, as well as discuss the before diving into what’s most important: how to stay secure with open source.

Traditional SCA and endpoint security tools do not detect open source malware, which increases the challenge. In this panel, key experts — from software engineering acad to influential analysts and open source security veterans — will dive into the different types of open source malware and why it’s so pervasive, outline practical strategies for mitigating threats and discuss the responsibility of enterprises and developers in safeguarding the software supply chain.
Speakers
Brian Fox

Co-founder and CTO, Sonatype
Co-founder and CTO, Brian Fox is a Governing Board member for the Open Source Security Foundation, a member of the Apache Software Foundation and former Chair of the Apache Maven project. As a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin...
Madelein van der Hout

Senior Analyst Cybersecurity & Risk, Forrester Research Inc.
Madelein is a senior analyst on the security and risk (S&R) team, focusing on European security consulting firms, European CISO strategy work, and security operating model and organizational research. She supports security executives and professionals in building and maturing their...
Santiago Torres-Arias

Assistant Professor of Electrical and Computer Engineering, Purdue University
Santiago Torres-Arias is an assistant professor at Purdue’s ECE department, where he researches Secure Systems, Applied Cryptography and Software Supply Chain security. Santiago is the team lead of in-toto, a framework to secure the SDLC, as well as PolyPasswordHasher, a password storage...
Level 1 | Hall Entrance S10 | Room C
  Security
  • Content Experience Level Any
