Already this year, two significant open‑source software supply chain attacks have occurred within days of each other and both exposed the same underlying issue: organizations lack continuous visibility into the software they build and buy. At the pace software supply chain attacks are occurring, it’s entirely possible we’ll see several more before this webinar even takes place.

Manifest Cyber and BlueVoyant break down two real, recent incidents; the TeamPCP attack that spread across five ecosystems using stolen CI/CD credentials, and a separate compromise of a widely used npm package with over 100 million weekly downloads. These attacks weren’t theoretical and they succeeded because traditional third‑party risk management (TPRM) programs and point‑in‑time security checks leave a critical visibility gap after software is deployed.  

During this practical and retrospective session, we'll cover:

• What happened in two recent OSS supply chain attacks and why traditional controls failed
• The detection capabilities that would have been required to prevent these attacks
• Specific and practical hardening actions you can take immediately