PancakesCon 2020: Quarantine Edition | Cryptic Dependencies & Cryptic Crosswords
How do you determine your code’s cryptic dependencies, and what should you do when a new vulnerability is discovered? And how do you solve cryptic crosswords?
As more developers and companies rely on open-source code that anyone can contribute to, this also opens the door to a new attack vector. Supply chain compromises are on the rise, successfully sneaking in backdoored packages, using typosquatting, or even compromising build tooling and signing keys.
We’ll first cover the common kinds of supply chain attacks and when they’re likely to happen. For developers, we’ll discuss how you can determine your cryptic dependencies and be notified of new security patches you should apply, including best practices to make this easier on your dev team. We’ll also cover what you can do to contribute back, such as how to report vulnerabilities you discover in open-source software.
Now that we have a better handle on your dependencies, let’s address cryptic crosswords. Cryptic crosswords are crosswords in which every clue is itself a puzzle, one part literal definition and one part wordplay. They originated in the UK and are still gaining popularity in the US, with the New Yorker even bringing theirs back recently! We’ll explain what a cryptic crossword is, the types of clues you’ll encounter, and go through a few of my favourite examples.
You’ll come away with a better understanding of what you can do for supply chain security for your organization, and a better way to flex your brain on a Sunday morning.