Are We Ready For The Next Cyber Security Crisis Like Log4Shell? - Soroosh Khodami


A conference talk transcript covering software supply chain security risks, using live demos to show how dependency confusion and compromised build environments can lead to reverse shell access. The speaker walks through attack vectors including malicious npm/Maven packages, LLM poisoning, and privilege escalation chains from SQL injection to Kubernetes root access. Practical mitigations are organized into critical (version pinning, lock files, checksum verification, namespace reservation), essential (private repository routing rules, dependency scanning, SBOM generation, Renovate/Dependabot), and advanced (artifact signing, SBOM-based continuous monitoring, hardened container images). The talk emphasizes that Log4Shell-era chaos could repeat because 13% of Maven Central downloads are still vulnerable versions, and that SBOM management enables rapid impact assessment during future zero-day events.
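The critical mitigations named above (version pinning, lock files, checksum verification) combined into one build-time gate, as an added example that is not code from the talk or the speaker. Package names, versions and artifact bytes are constructed; the `acme-internal-utils` case mirrors the dependency-confusion outcome the talk describes, where a higher public version is resolved in place of the pinned private one.

```python
"""Verify a resolved dependency set against a lock file of pinned versions and SHA-256 checksums."""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed lock file: the only name/version/checksum triples CI may install.
LOCKFILE = {
    "left-pad": {"version": "1.3.0",
                 "sha256": sha256_hex(b"constructed left-pad 1.3.0 tarball")},
    "acme-internal-utils": {"version": "2.1.0",
                            "sha256": sha256_hex(b"constructed acme-internal-utils 2.1.0 tarball")},
    "acme-logging": {"version": "4.2.0",
                     "sha256": sha256_hex(b"constructed acme-logging 4.2.0 tarball")},
}

# Constructed resolution result: name -> (version, artifact bytes) as fetched from the registry.
FETCHED = {
    "left-pad": ("1.3.0", b"constructed left-pad 1.3.0 tarball"),          # matches the pin
    "acme-internal-utils": ("9.9.9", b"constructed substitute package"),    # higher version won resolution
    "acme-logging": ("4.2.0", b"constructed tampered acme-logging 4.2.0"),  # same version, different bytes
    "colors-extra": ("1.0.0", b"constructed unlisted package"),             # nobody pinned this name
}


def verify_resolution(lockfile, fetched):
    """Return {package: status}. Anything other than "ok" should fail the build."""
    report = {}
    for name, (version, data) in fetched.items():
        pin = lockfile.get(name)
        if pin is None:
            report[name] = "not-in-lockfile"     # injected or unpinned transitive dependency
        elif version != pin["version"]:
            report[name] = "version-mismatch"    # resolver chose a version the lock file did not pin
        elif sha256_hex(data) != pin["sha256"]:
            report[name] = "checksum-mismatch"   # right name and version, wrong bytes
        else:
            report[name] = "ok"
    for name in lockfile:
        if name not in fetched:
            report[name] = "missing"             # pinned but not delivered; the build is incomplete
    return report


def build_allowed(report) -> bool:
    return all(status == "ok" for status in report.values())


if __name__ == "__main__":
    result = verify_resolution(LOCKFILE, FETCHED)
    for pkg, status in sorted(result.items()):
        print(f"{pkg:22} {status}")
    print("build allowed:", build_allowed(result))
```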

46m watch time
