From OpenJS World 2022: Securing JavaScript – Myles Borins, Product Manager, GitHub
Myles Borins, Product Manager at GitHub, presented on Securing JavaScript at OpenJS World this past June. The npm registry is the heart of the JavaScript ecosystem. Hear about the steps GitHub has taken to secure this critical part of the software supply chain, from technical measures such as automated malware scanning to policies such as mandatory two-factor authentication for high-impact packages. This talk covers what the team at GitHub shipped in response to an increase in threats to the ecosystem and what they are working on next.
Full keynote available here: https://www.youtube.com/watch?v=eDZHrNbyK3c
Main Sections:
0:00 Introduction
1:21 Account Takeovers (ATO)
2:50 What did we do right?
4:56 What did we learn?
6:20 The npm security roadmap
15:34 Demo
16:32 Campaign using stolen OAuth tokens
18:08 Validation with registry package signing
19:12 What’s next?
Main OpenJS Resources:
Main Site: https://openjsf.org/
Blog: https://openjsf.org/blog/
Join: https://openjsf.org/about/join/
Certification: https://openjsf.org/certification/
Twitter: https://twitter.com/openjsf
LinkedIn: https://www.linkedin.com/company/openjs-foundation/