Kalle Sirkesalo

Kalle works as CTO of Managed Services, making sure Eficode delivers the best possible offering for our service customers. Having worked in the Eficode Managed Services team for many years, his experience is wide and deep; he is familiar with maintenance, upgrades and migrations of services to cloud as well as the challenges related to adopting new ways of working.


Day 1, 13:20

AI-Powered Slopsquatting: Is Your Software Supply Chain Compromised?

Manual dependency checks are no longer sufficient. The software supply chain faces an evolved threat: Slopsquatting. In this talk I’ll expose the nature of AI-driven Slopsquatting, a technique exploiting subtle naming variations and developer habits to inject malicious code.

I will dissect why this threat vector is particularly insidious, how AI enhances its effectiveness, and the high probability that your current practices leave you vulnerable.

In this talk I’ll show concrete examples from the real world on how to counter this behaviour.

Learn how to integrate automated checks, enhance vetting processes, and adopt DevSecOps strategies crucial for safeguarding your applications and understanding the collective responsibility we share in securing the open-source landscape.

Define Slopsquatting and how AI transforms it into a scalable, sophisticated threat.

Analyze the specific vulnerabilities exploited by AI-driven Slopsquatting.

Evaluate the risks associated with inadequate dependency management in CI/CD pipelines.

Implement robust, automated strategies to counter Slopsquatting threats.

Understand the broader implications for software supply chain security.

About DevConf

From the very beginning we've been focused on people, not on companies. Being developers ourselves we strive to provide the ultimate experience that will be remembered. We'd like to connect awesome speakers with the willing-to-learn-and-share community. It's not only about sessions - it's also about meeting with like-minded people - it can result in great ideas, is that right?

DevConf Team

Organizer

Dev Events Sp. z o.o.
ul. Wielicka 91/4
30-552 Krakow, Poland
VAT ID/NIP: PL6793284690