From the course: Agile Software Development: Code Quality

Why secure dependencies?

- [Instructor] Security, such an anxiety-inducing term, especially on a small budget. So what can you do or what should you do to help keep your system secure? The most basic and perhaps most important thing that you can do is keep your dependencies up to date so that you don't expose your users to the security vulnerabilities that have been published in the libraries that you're using. For example, in 2017, Equifax experienced a data breach that exposed its user data to the outside world. In looking at that breach from afar, it is reasonable to develop some assumptions about the cause. You might assume that Equifax, being a large company, with a large development team, again, all assumptions, had developed custom code which was taken advantage of because it wasn't developed securely. But that's not what happened. Equifax was breached because one of their dependencies contained a published security vulnerability and they didn't upgrade in time, and in time, in this case, means that…
