  • This event has passed.

Community Engagement Meeting – January 2026

January 20 @ 9:15 am - 10:40 am

Securing Open-Source Libraries at the Source: Eliminating Software Supply Chain Risk

Open-source libraries are the foundation of modern software, but they are also one of the largest and least protected attack surfaces in the software supply chain.

In this webinar, Chainguard’s Senior Principal Developer Relations Engineer Manfred Moser explains why over 80% of today’s applications depend on open source, how public package registries have become prime targets for attackers, and why traditional approaches like CVE scanning and client-side patching are no longer enough.

You’ll learn how software supply chain attacks actually happen, from typosquatting and compromised build systems to malware distributed without source code, and why most developer-targeted malware originates from public registries like PyPI, npm, and Maven Central.

The session introduces Chainguard Libraries, a proactive approach to open-source library management that rebuilds libraries directly from trusted source code, blocks malware before it reaches your environment, and delivers fully compatible artifacts with built-in SBOMs and SLSA provenance. Using Chainguard’s Chain Factory system, this model prevents entire classes of supply-chain attacks rather than reacting after the fact.

What’s covered:

1. How the open-source software supply chain works and where it breaks
2. Common supply-chain attacks targeting libraries and registries
3. Why CVE scanners and patching fall short against malware
4. How Chainguard Libraries rebuild and secure libraries from source
5. Support for Python, Java, and JavaScript
6. Built-in SBOMs, SLSA provenance, and compliance readiness

What you’ll learn:

1. How to eliminate over 98% of library-based malware risk
2. How to secure dependencies without changing developer workflows
3. How rebuilding libraries from source simplifies compliance

Whether you’re a security leader, platform engineer, or developer, this session will help you understand today’s software supply chain risks and how to cut them off at the source.

Plus…rumor has it there’s a free coffee voucher for those who attend! ☕️

Save the Date: Tuesday, 20th January 2026

Time: 9:15 – 10:25 am (networking until 10:40 am)
Where: Online via Teams

Register here: https://events.teams.microsoft.com/event/32cdeef3-0480-4343-9522-6a23552f137e@158e39a1-001c-44f0-90d6-35872708c845

The future is digital, and OxCyber is leading the way!

We look forward to having you attend the event!

Organiser

  • OxCyber
  • Email hello@oxcyber.org