CyberConnect October Event with Fadzayi Chiwandire

🔍 Who’s in Your Code? Unpacking the Hidden Risks in Software Supply Chains

Last night’s CyberConnect session, “Who’s in Your Code? The Supply Chain Plot Twist No One Saw Coming,” was a powerful reminder of how trust, speed, and complexity shape the cybersecurity landscape. Led by Fadzayi Chiwandire, Application Security Consultant at CyberCX, the session explored the invisible risks that come with modern software development—where 90% of code is sourced from third-party libraries, and every dependency is a potential entry point.

Fadzayi walked us through real-world breaches like SolarWinds, Log4Shell, and the XZ Utils backdoor, highlighting how attackers increasingly target what your app is built on—not just the app itself. A key takeaway: developers inherit risks they didn’t create, and transitive dependencies buried deep in the codebase can be the most dangerous.

We also discussed practical strategies like maintaining SBOMs, implementing signature verification, and securing CI/CD pipelines. Fadzayi’s closing message hit home: “Security isn’t about paranoia—it’s about knowing who’s in your code.”

🔗 About CyberConnect
CyberConnect is a monthly community-driven series hosted by CyberWest Hub, designed to spark conversation, share insights, and build capability across WA’s cyber ecosystem. Each session features expert speakers and real-world challenges to help us better understand and navigate the evolving digital threat landscape.

Thanks to everyone who joined us for this eye-opening session. Let’s keep building trust, transparency, and resilience in our digital supply chains.
