A pragmatic approach to security and third party dependencies
Online, CEST Time Zone May 26, 2021, 11:20 AM - 12:10 PM
As developers we must be aware of potential security vulnerabilities when writing code, but what about all those third-party components we use?
Regardless of whether you use NuGet, NPM, Maven or some other package manager or build system, there are tons of modules just waiting to be downloaded. How do you handle potential security risks from these third-party components while staying productive and able to focus on delivering high-quality software?
Tooling and automation can be very helpful, but we must know which problems we are trying to solve to be able to automate solutions. Let’s take a pragmatic look at the threats involved and what we can do to stay reasonably secure.