BSides Canberra 2025

Developers, the weakest link in the supply chain?
2025-09-26, Off-Main Track

Supply chain security is a topic whose profile has been raised in recent years by events such as the xz backdoor. In the open source world trust matters a lot. While trust is mostly gained through social interactions, it is also important to be able to trust the tools themselves. This talk will detail how I found several holes in common tools, leading to the potential for attacks against developers' tooling.

David is an open source software engineer at G-Research. His security interests centre around Unix and networks and how to break them in surprising ways. He believes that we need to understand more historical vulnerabilities in order to fix current issues, and so spends his spare time researching codebases or technologies that no-one else thinks to look at. This has led to talks at various conferences, including DEF CON. In addition, when he can put it in DNS, he will, creating such hits as "Wikipedia over DNS" and "Wordle over DNS".