Dependency Management: Risk vs Crisis Management

Zitieren

Plain Schwarz

Zheleva, Radoslava Atanasova, Velichka

Formale Metadaten

Titel

Dependency Management: Risk vs Crisis Management

Serientitel

FOSS Backstage 2023

Anzahl der Teile

Autor

Zheleva, Radoslava

Atanasova, Velichka

Lizenz

CC-Namensnennung 3.0 Unported:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.

Identifikatoren

10.5446/66693 (DOI)

Herausgeber

Plain Schwarz

Erscheinungsjahr

2023

Sprache

Englisch

Inhaltliche Metadaten

Fachgebiet

Informatik

Genre

Konferenz/Talk

Abstract

The dependency graphs of modern applications greatly demonstrate how we build software today – we focus on our unique innovation and deal with common challenges by leveraging existing solutions. Though that’s a fine software development approach, each third-party component we use drags along dependencies that drag along their dependencies, and we end up with tons of known and unknown dependencies which could get us into legal and security trouble. To identify and mitigate risks, we need increased knowledge of all software assets, choosing dependency wisely, tacking changes, and timely updating them. In this talk we are going to explore the legal and security dependency management challenges and argue that risk management planning is better than crisis management.