Speaker: Bryan Whyte, CISSP Director, Solutions Engineering @Sonatype
Date: June 17, 2026 @ 6:00 pm
Join us on Zoom or in person in Burlington, MA.
Bryan Whyte breaks down the latest wave of open source malware, explains how these threats diverge from traditional vulnerabilities, and shares actionable steps for organizations to defend mission-critical software.
As organizations deepen their reliance on open-source software, evolving security threats are reshaping the landscape at an unprecedented pace.
Threat actors are now increasingly targeting development pipelines and trusted ecosystems like npm to orchestrate supply chain attacks with significant downstream impact. Incidents such as the 2025 Shai-Hulud npm campaign, the XZ Utils backdoor, and the widespread compromise of over 23,000 GitHub repositories illustrate how open-source malware has quickly become a critical, top-tier threat built to evade legacy scanning and exploit trust woven into modern delivery pipelines.
-- The shifting tactics of threat actors targeting npm, PyPI, GitHub, and development pipelines
-- Key differences between open-source malware and traditional malware or vulnerabilities
-- The most prevalent malware types and tactics driving today's software supply chain attacks
After spending 20 years in software development, Bryan started his journey into Application Security in 2015 with the AppScan tool suite for Static, Dynamic and Mobile Application Security Testing. In 2018, he expanded his Cybersecurity proficiency, earning the Certified Information Systems Security Professional (CISSP). In 2019, he was excited to join Sonatype due to the explosive growth of open-source software, which has made Software Composition Analysis (SCA) a critical aspect of Application Security.