I spoke at the Cloud Security Alliance Boston chapter this Thursday (April 17th, 2025) on software supply chain security. We defined the space, walked through a couple of major incidents, and looked at ways to move forward using the CVE system and vulnerability scanning, SLSA, and other approaches.
You can view the deck as a PDF.
I created some memes for this session.
First, a generic “hacking” meme using the famous episode of NCIS where two of the actors try to repel a hacker by typing on the keyboard at the same time.

To highlight that the CVE system is a way to deal with known vulnerabilities, I created this Space Jam meme. (I was thinking of using a Pandora’s box template, but I didn’t like what was out there and went with this.)
To highlight that you're also responsible for known vulnerabilities in your host OS, VM, etc., I created this:

Finally, I used this classic “always has been” template to create a meme for the (shocking) fact that your dependencies have dependencies.
