Sebastian is the technical lead of Truesec's Application Security team. He is passionate about making software secure by designing it well. Ideally in a way that actually boosts productivity and developer happiness. He often works with analyzing the security of customers’ software architecture and development life cycles and enjoys working in projects where security is a core requirement. Especially if that includes working on cryptography, secure communications, identities and distributed systems.
Posts by Sebastian Olsson:
This is part two of a two-part blog series on third-party code usage in software development. Go to part one here: Secure your software supply chain – trusting third parties. In part one we looked at the general pros and cons of third-party software use and the necessity of determining trust towards the vendors/publishers. We […]
In an earlier blog post we looked at how to avoid becoming a vector for a software supply chain attack. In this two-part article we will mainly look at how you as a consumer of third-party and/or open source software can identify vendors to trust and mitigate the different relevant threats. Let’s take a pragmatic […]
Securing build servers and the development process as a whole is crucial to avoid becoming part of a software supply-chain attack. SUNBURST is a malware that was spread by breaching the build server for SolarWinds’ Orion product. Using threat modeling it is possible to identify mitigations to reduce the risk and improve the security of the development life-cycle.