Can we trust open source code and binaries to not include malicious functions? Starting with a review of the open source supply chain and its attack vectors, this vendor-agnostic talk focuses on the malicious intent of those in the open source community and what organizations can do to reduce risk.

Ryan Voloch [https://twitter.com/VDog90 / http://www.voloch.com/] has 18 years of experience in leading and maturing Cyber Security programs within large national enterprises. A Pittsburgh native, Ryan has enjoyed his career in the retail, higher education, and healthcare private sectors. He is currently managing and leading a team of awesome individuals at the Department of Energy’s National Energy Technology Lab as a Maximus Attain support contractor. Ryan’s many passions include developing people, reducing risk via maturity assessments, incident response, GRC/compliance, blue teaming, and process improvement.