Keeping #third-party #dependencies in check
https://hackernoon.com/keeping-third-party-dependencies-in-check-e9f5d1467039?source=rss----3a8
Detecting vulnerabilities in third-party dependencies of your organization.

In this article I am explaining the risks of third-party dependencies and how to mitigate them with appropriate tools.

Damned if you don't

Whether you're a developer, a CTO or a tech lead, I bet you have at some point faced the dilemma of whether to add a third-party dependency to your software. For all their benefits, dependencies come with some obvious trade-offs along the following lines:

- Well-known vulnerabilities: with so many people using this code, some smart people are bound to have already found a way to breach it.
- License restrictions: a lot of libraries and components cannot be used in some circumstances, and unless you're well versed in the different types of licences, you can get into legal trouble.
- Lack of (...)