Community-maintained repositories like Chocolatey and Winget have become indispensable patch-management tools for IT and security teams. But behind the convenience lies hidden risk: outdated packages, missing signatures, and community-contributed code can open doors that attackers are eager to exploit. We’ve already seen this play out in ecosystems like NPM and PyPI, so why assume OS-level repositories are any safer?
In this session, Gene Moody, Field CTO for Action1, will put community repositories under the microscope, stress-testing their safety even with controls in place. He’ll define practical guardrails that let you move fast without turning speed into compromise. You’ll leave with a clear framework for when to trust community repos, when to go vendor-direct, and how to balance agility with security while keeping patch cycles on track.
By the end of this session, you’ll be able to: