Loading…
November 2-4 | Napa, California
View More Details

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for the Linux Foundation Member Summit 2021 to participate in the sessions.

Please note that the schedule is subject to change.
Back To Schedule
Tuesday, November 2 • 5:00pm - 5:30pm
How a Dependency Injection Vulnerability in Microsoft Teams Highlights Gaps in the Software Supply Chain - Adam Schaal, Contrast Security

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
The software supply chain introduces multiple complexities that are compounded by the velocity of modern agile and DevOps practices. The volume of third-party code from a growing number of unknown sources far outweighs proprietary, custom code. This proliferation of third-party software in modern applications is a boon for developers but introduces gaps in visibility and governance. More recently, attackers have become more savvy in that, instead of attacking businesses directly, they will target the software supply chain attacks as a vehicle for malicious code penetrating vulnerable systems. Dependency confusion is a prominent example of how attackers can piggy-back on top of native package managers within the software supply chain as an attack vector to accessing sensitive data. In this talk, Adam Schaal, Director of Enterprise Security at Contrast Security will share his experiences validating and disclosing a dependency confusion vulnerability in Microsoft Teams as a case study to enterprises should consider safeguarding their third-party software assets.

Speakers
avatar for Adam Schaal

Adam Schaal

Director of Enterprise Security, Contrast Security
Adam Schaal is the Director of Enterprise Security at Contrast Security with an extensive background in both development and application security. He has experienced both sides of making and breaking applications and enjoys contributing back to the information security community with... Read More →



Tuesday November 2, 2021 5:00pm - 5:30pm PDT
Silverado West