The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit + AI_dev Japan 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
This schedule is automatically displayed in Japan Standard Time (UTC +9). To see the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the right.
The xz-utils vulnerability has attracted attentions from every person who are involved in not only open-source software but also any form of software that is built with a collaboration of developers. The vulnerability, or rather the social engineering attack has combined multiple attack techniques: maintainer takeover, obfuscated trigger code, and binary files pretending sample archives, and targeted Linux distributions, which are fundamental in the current software supply chain. In this session, Taku aggregates multiple existing analyses about the vulnerability, and explains how the attack was performed with a progress of the incident as well as technology details of the malicious source code and binary. Taku also presents a potential risk of similar incidents in open-source repositories by using some utilities including OpenSSF’s Scorecard and Criticality Score. This session would suggest what kind of attacks would come next for the software industry and would be mitigated or coped with.
