Thursday 

Room 2 

13:40 - 14:40 

(UTC+01)

Talk (60 min)

Worms in our software supply chain - Where do we go from here?

In 2025, we've seen an unprecedented surge in attacks against the open-source software supply chain. What began as smaller, isolated incidents has escalated into full-on worms propagating through widely used packages.

Supply Chain
Culture
People
Process
SDLC

This shift has forced us to confront just how fragile and how critical our ecosystem really is, and to ask hard questions about where we go from here.

This talk traces the recent history of supply-chain threats, highlights the evolution that brought us to this moment, and explores the uncomfortable but necessary conversations we must have as a community to ensure that open source remains resilient, secure, and worthy of our trust.

Charlie Eriksen

Charlie Eriksen is a Security Researcher at Aikido Security, specializing in software supply-chain security. He focuses on detecting malicious code in open-source packages and on improving the ecosystem's resilience against emerging threats. Previously, he worked in consulting, offensive security, and bug bounties, co-founded a training company focused on the OWASP Top 10, and founded a company focused on JavaScript static analysis.