In this podcast, Wes talks to Guy Podjarny (Founder/CEO, Snyk). The two discuss the security of open source software and third-party dependencies, including the Equifax hack (and what we can learn from it), the role of serverless architectures today (and what they mean for application attack surface), and finally they wrap up with security hygiene best practices for OSS and serverless.
Why listen to this podcast:
- The majority of security vulnerabilities in applications today come from vulnerable third-party libraries rather than from the application's own code.
- An application shouldn’t permit total leak of all data because of a single vulnerability - defence in depth is important.
- Equifax couldn’t have failed more spectacularly in the way they handled it.
- The Equifax hack serves as a wake-up call to pay attention to vulnerabilities in dependencies.
- If your build system automatically breaks the build when a vulnerable dependency is found, the fix will be applied sooner.
More on this: Quick scan our curated show notes on InfoQ http://bit.ly/2ziAIat