Open Source North

Shai-Hulud: What Happened and How Developers Can Protect Themselves

JavaScript supply-chain attacks have been escalating since the ecosystem's early days, from the ESLint compromise in 2018 that stole npm tokens to the sophisticated event-stream backdoor targeting Bitcoin wallets later that year. Shai-Hulud happened last year, marking a new era of self-propagating worms in the npm ecosystem. This talk will examine what happened in the Shai-Hulud attack and provide practical, actionable steps developers can take to protect their workstations from being compromised by malicious packages.

Patrick Burke

Sales Engineer

Chainguard

Patrick is a sales engineer at Chainguard. Chainguard offers near-zero-CVE container images and hardened application dependencies. Patrick helps organizations perform technical and business evaluations of Chainguard's products. Before Chainguard, he was at Orca Security (a cloud-native app protection platform) for 2 years, most recently as a principal sales engineer.
