Webinar On Demand

How a Dependency Hijacking Vulnerability in Microsoft Teams Highlights Gaps in the Software Supply Chain

Recorded October 4, 2021

View a Complimentary Webinar Sponsored by Contrast Security

The proliferation of third-party software is a boon for developers but introduces gaps in visibility and governance. As a result, the software supply chain has become a prominent attack vector for vulnerable IT systems. Dependency hijacking has gained traction as the latest example of attackers targeting the software supply chain by piggy-backing off of native package managers as a vehicle for malicious code.

In this talk, Matt Austin, Director of Security Research and Adam Schaal, Director of Enterprise Security at Contrast Security will share their experiences validating and disclosing a dependency hijacking vulnerability in Microsoft Teams. Audiences can expect to come away with:

  • An understanding of the process behind discovering, validating and reporting a dependency hijacking vulnerability in commercial enterprise software
  • Best practices businesses should consider to safeguard their third-party software assets within native CI/CD workflows.
  • Context around the importance of software supply chain governance in the wake of recent breaches and President Biden’s cybersecurity executive order


Matt Austin, Director of Security Research

Matt is an accomplished application security expert with over 11 years of experience focused on security research, development, and engineering.

Adam Schaal, Director of Enterprise Security

Adam Schaal is the Director of Enterprise Security at Contrast Security with an extensive background in both development and application security. He has experienced both sides of making and breaking applications and enjoys contributing back to the information security community with work in big projects like redctf and the O.MG cable, a malicious cable implant.  He is also very active in his local security community as a founder of Kernelcon, a mid-size information security conference, and DEF CON 402, a local DEF CON group. Adam works out of Omaha, Nebraska, one of the least likely places in the United States to encounter shark attacks or suffer altitude sickness.