We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Dependency Management: Risk vs Crisis Management

Formal Metadata

Title
Dependency Management: Risk vs Crisis Management
Title of Series
Number of Parts
38
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date2023
LanguageEnglish

Content Metadata

Subject Area
Genre
Abstract
The dependency graphs of modern applications greatly demonstrate how we build software today – we focus on our unique innovation and deal with common challenges by leveraging existing solutions. Though that’s a fine software development approach, each third-party component we use drags along dependencies that drag along their dependencies, and we end up with tons of known and unknown dependencies which could get us into legal and security trouble. To identify and mitigate risks, we need increased knowledge of all software assets, choosing dependency wisely, tacking changes, and timely updating them. In this talk we are going to explore the legal and security dependency management challenges and argue that risk management planning is better than crisis management.