We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.

Dependency Management: Risk vs Crisis Management

Formal Metadata

Dependency Management: Risk vs Crisis Management
Title of Series
Number of Parts
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date2023

Content Metadata

Subject Area
The dependency graphs of modern applications greatly demonstrate how we build software today – we focus on our unique innovation and deal with common challenges by leveraging existing solutions. Though that’s a fine software development approach, each third-party component we use drags along dependencies that drag along their dependencies, and we end up with tons of known and unknown dependencies which could get us into legal and security trouble. To identify and mitigate risks, we need increased knowledge of all software assets, choosing dependency wisely, tacking changes, and timely updating them. In this talk we are going to explore the legal and security dependency management challenges and argue that risk management planning is better than crisis management.