Go Time: Golang, Software Engineering

Dependencies are dangerous

Jul 3, 2024
Ian and Johnny discuss the polyfill.io supply chain attack, Go Proverbs, and the importance of dependency management. They explore risks of CDNs, transitioning to OpenTelemetry, vulnerability risks in Go libraries, updating dependencies, and learning C programming for software development.
01:03:37

Podcast summary created with Snipd AI

Quick takeaways

  • Dependency management is crucial for software security.
  • Backend developers prioritize security for sensitive data protection.

Deep dives

Understanding the Polyfill.io Security Incident

Polyfill.io, a popular CDN serving JavaScript polyfill libraries for browsers, was found to have been sold to a different company, leading to malicious JavaScript being injected into numerous websites. Sites such as Hulu and JSTOR were found redirecting users to gambling sites because of this compromise, which highlights the severity of the situation. CDNs play a vital role in web performance, but the incident is a reminder of the risks of relying on third-party services such as CDNs, and of the importance of monitoring and vetting them for security threats.
