Software Dependencies: Do you Know What’s Lurking in your Software? - DevOps 219

Charles is joined by Caleb Fornari and Jeffrey Groman as we discuss the challenges of public versus private package managers and the security implications of using public repositories.

Links

• Adventures in DevOps - Devchat.tv
• Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
• Devchat.tv | JSJ 357: Event-Stream & Package Vulnerabilities with Richard Feldman and Hillel Wayne
• Malicious code found in npm package event-stream downloaded 8 million times in the past 2.5 months
• GitHub | The Node Security Platform

Picks

• Caleb- Have a plan to mitigate damage if someone is able to get inside your network. Don’t just secure the public side of your technical infrastructure, make sure your internal security as just as strong as your external security.
• Charles- Dev Heroes Accelerator | Devchat.tv
• Charles-  The Umbrella Academy | Netflix
• Charles- Personal Retreat
• Jeffrey- Asset management: Know and document where all of your digital assets reside. Whether servers, VMs, EC2 instances, and all of your structured and unstructured data.
• Jeffrey- You can’t secure what you don’t know about