Devcon VI

The Attacker is Inside: Javascript Supplychain Security and LavaMoat
10-13, 13:30–14:00 (America/Bogota), Talk 2

We all use open source; it is the wealth of the commons that forms the foundations we all build on. While this is incredibly empowering, we may be inviting the devil to dine with us. This talk examines software supply chain attacks in the JavaScript and crypto ecosystems and how to keep your app, wallet, and users safe. We'll look at LavaMoat, the free and open-source tool that protects MetaMask.

kumavis founded MetaMask and now leads their Security Research team. Contributor to MetaMask, LavaMoat, Endo, SES, Ethereumjs, js-libp2p.

Full-stack developer and technology researcher. JS Security Engineer at MetaMask working on LavaMoat and Endo. Started using Node.js at v0.8 and never stopped. Enjoys innovating and teaching security, diagnostics and maintainability. One of the oldest members of the meet.js Poland community, both as a speaker and organizer.