"i'm in ur scm, bein a ninja", presented at BSidesDC 2014

by Hank Leininger

URL: http://www.youtube.com/watch?v=H7H3-YoXQlQ

Summary: In recent years secure development practices and supply chain integrity have gotten more attention. But the integrity of the source code repository, which should be central to both conversations, has been neglected.
There have been tons of known breaches in which attackers gained access to source code. Who says the code was only read?
Attackers with a foothold inside an enterprise can do fantastic damage to that organization, or to their downstream customers.
In this talk I'll go through several attack scenarios, and tie them to the many, many source code compromises we know about.
I'll go through some mitigation steps/strategies - or the lack thereof.