Slides

Video

AI Generated Summary

This talk at OWASP London June 2025 by Anant Shrivastava (Chief Researcher, Siphonoid Research) challenges the common focus on securing code dependencies and explores what else beyond source code we’re ignoring in software supply chain security.

Speaker Background

• Title: Chief Researcher (perks of having own company - define own title)
• Company: Siphonoid Research - research-powered trainings based company
• Experience: 17 years corporate experience, trainer, speaker at various conferences
• Open Source Projects: Code Vigilant (learned code review, used to disclose bugs), Hacking Archives of India (tracks Indian infosec researchers), Tamer Platform (Android security focused)
• Contact: @anantshri across all social media platforms (except Snapchat), anantree.info

Key Topics

Why Supply Chain Security Now:

• Incidents: SolarWinds, Codecov, Colonial Pipeline - attacks happened not as direct consequence but indirect attack caused catastrophe
• US Executive Order: SBOM clearly mentioned, NIST framework created
• Not new issue: OWASP “Usage of Known Vulnerable Component” - how OWASP used to denote supply chain security issues even before keyword came into limelight
• Ken Thompson’s “Reflections on Trusting Trust” (1983): Talked about how compiler can be backdoored - issue from 1970s
• EU agency: Described as topmost issue in 2030 - not going anywhere
• Global regulations: US, Indian, Japanese, European, UK - all coming up with different regulations, most saying “have SBOM, maintain good quality hygiene”

Industry Reaction:

• Collective failure: IT industry does what is bare minimum necessary to get by
• Bare minimum: If requirement is 80.0000, will not do 80.0001 - just do bare minimum required
• People creating SBOM: Very much difference between good quality SBOM vs SBOM someone is creating, but having SBOM does the check mark, people happy with it

Why Bigger Problem Now:

• Automation of systems: DevOps came into picture, rapid build cycles
• Deploy to production faster: Organizations deploying 40-50 times a day
• Rapid development pace: Less inclined about maintaining tech debt, more inclined about releasing features
• 80% of code: Stats say about 80% of code is actually import statements - just borrowing code from other people
• npm example: is-even module, is-odd module - one depends on other, cascading dependencies

Supply Chain Beyond Code:

• Developer environment: Chrome extension → AI prompt → Visual Studio Code → GitHub → CI/CD → Container → Kubernetes → EC2
• Autonomous AI agents: Running in developer machines with full access to command line (curl, wget, brew, apt-get, sudo rm -rf)
• Developer machines: AWS credentials in ~/.aws/credentials, SSH keys in ~/.ssh/id_rsa, admin access, debugging tools, compilers
• What you see is not what you get: URL shows different content based on user agent (browser vs curl | bash)
• Chrome extensions: 33 malicious extensions, SSH agent, HTML5 file system access, Web USB/Bluetooth APIs
• Visual Studio Code extensions: Verification only means owns domain, not extension validation; openvsx.org marketplace takeover
• Homebrew: brewsh.org phishing, sudo password capture
• Linux packages: RPM/DEB pre/post install/uninstall scripts can contain backdoors
• Git clones: Recursive submodules = code execution
• Postman: Opening collection = code execution
• Notepad++: Fake domain serving binaries with extra ingredients
• Cursor/Windsurf: AI agents with command line access, prompt injection via hidden Unicode characters

CI/CD Systems:

• Who watches the watchers?: SolarWinds was TeamCity attack
• Container images: Misleading titles (OpenJDK, Golang), AMI selection criteria (size, stars)
• Dependency caching: Can be poisoned - official site has right software, caching layer poisoned
• Bait and switch: Intentional or good intentions then sold/given away (WordPress plugins, npm packages)

What Do We Do:

• ATOM acronym: Awareness, Trust but verify, Ongoing monitoring, Measure and map (observability)
• Observability: Can you ask “how many systems have log4j.jar?” - IBM took 45 days
• Resources: extensionauditor.com, OSQuery, signed commits

Key Insights:

• Supply chain security not new - Ken Thompson 1983, going to be topmost issue in 2030
• Industry does bare minimum - collective failure
• 80% of code is import statements
• Beyond code: developer environments, extensions, packages, CI/CD, containers
• Developer machines have credentials, admin access, debugging tools
• ATOM: Awareness, Trust but verify, Ongoing monitoring, Measure and map
• Observability crucial

Actionable Takeaways:

1. Supply chain security not new - going to be topmost issue in 2030
2. Industry does bare minimum - collective failure
3. Beyond code dependencies - developer environments, extensions, packages, CI/CD, containers
4. Developer machines have lots of credentials and admin access
5. ATOM: Awareness, Trust but verify, Ongoing monitoring, Measure and map
6. Observability crucial - can you ask “how many systems have log4j.jar?”
7. Resources: extensionauditor.com, OSQuery, signed commits
8. What you see is not what you get - curl | bash problems
9. Chrome extensions have file system and hardware access
10. VS Code extensions - verification only means owns domain
11. Cursor/Windsurf - prompt injection in hidden Unicode
12. CI/CD - who watches the watchers?
13. Container images - are you sure downloading official?
14. Dependency caching - can be poisoned
15. Bait and switch - intentional or good intentions then sold