Wednesday 

Room 2 

15:00 - 16:00 

(UTC±00

Talk (60 min)

.NET supply chain: Protecting against hidden threats

Modern software relies heavily on third-party components like open-source libraries and NuGet packages, which can introduce security risks. If you're not carefully managing these dependencies, you could expose your application to vulnerabilities or even malicious code—just like what happened with Log4j.

Supply Chain
SDLC
DevOps

In this session, we'll cover best practices for securing your .NET projects, including using tools like Trivy and NuGet’s security features to scan and monitor dependencies. We’ll also discuss supply chain observability—how to track vulnerabilities and ensure the integrity of your components.

Beyond tools, we'll touch on team policies for approving third-party libraries, setting security gates in CI/CD pipelines, and fostering a security-first mindset in your organization. Live demos will show practical steps you can implement right away to protect your applications.

Tom van den Berg

Tom van den Berg is a lead developer at Info Support.
As a developer he is part of a team that realizes new and innovative solutions.
Tom likes to think outside of the box, and he gets a lot of energy from sharing knowledge and encouraging other people to think outside of the box.