Andrei Epure

Andrei is part of the Languages Team at Sonar in Geneva, developing the code analyzers for the .NET offering (Code Quality and Security for C# and VB.NET using the Roslyn compiler framework). Formerly at Microsoft Ireland, Almetis France, and Bitdefender Romania.

Dependency confusion and its cure. A NuGet story.

Supply chain attacks are challenging to discover and can seriously affect the security and reputation of organizations. In February 2021, Alex Birsan described a novel supply chain attack: dependency confusion. Are you sure that the library you are using comes from the correct source? Do you know how NuGet works behind the scenes? In this session, Andrei will present what a dependency confusion attack is, the risks it poses, and how .NET developers can guard against it in the NuGet ecosystem.