Go Time: Golang, Software Engineering

Dependencies are dangerous

Jul 3, 2024
Ian and Johnny discuss the polyfill.io supply chain attack, the Go Proverbs, and the importance of dependency management. They explore the risks of CDNs, transitioning to OpenTelemetry, vulnerability risks in Go libraries, updating dependencies, and learning C programming for software development.
01:03:37

Podcast summary created with Snipd AI

Quick takeaways

  • Dependency management is crucial for software security.
  • Backend developers prioritize security for sensitive data protection.

Deep dives

Understanding the Polyfill.io Security Incident

Polyfill.io, a popular CDN serving JavaScript libraries for browser polyfills, was sold to a different company, after which malicious JavaScript was injected into the scripts it served, affecting numerous websites. Sites such as Hulu and JSTOR were found redirecting users to gambling sites because of this compromise, which shows the severity of the situation. CDNs play a vital role in web performance, but the incident is a reminder of the risks of relying on third-party services like CDNs and of the importance of monitoring and vetting them for security threats.
