Open Source Under Attack: Software Supply Chain Risk in the Age of Regulation

Open source is the backbone of modern business, and the primary attack surface. Incidents like Log4j, XZ Utils, and Shai-Hulud demonstrate how a single compromised dependency can create global business impact overnight. This session connects technical supply chain failures to real business risk, regulatory pressure under the EU Cyber Resilience Act (CRA), and executive accountability. Focus on how vulnerabilities and malware enter open source ecosystems, why they evade existing controls, and what organizations must change to remain compliant, resilient, and operational.