Tech Talk

Managing Threats and Vulnerabilities From Third-Party Dependencies

We take a look at typical threats and risks with third-party components and find pragmatic approaches to managing the risk while staying productive.

Modern software development stands on the shoulders of third-party frameworks and libraries, many of which are open source. This leads to fantastic possibilities in software composition and productivity, but it also means that most projects depend on massive amounts of potentially vulnerable or malicious code.

Managing the different classes of threats from dependencies is complex, and there is no single tool that solves all of them. For most organizations, the risk can be reduced through awareness, sound policies, and automation.

Examples of risks to consider and mitigate are:
– Dependencies with known vulnerabilities.
– Dependencies on unmaintained projects.
– Supply chain attacks and malicious dependencies.
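The three risk classes above are the ones an automated inventory check should flag. The following Python script is an added illustration, not code from the Tech Talk or from Truesec: it reads a constructed requirements-style lockfile and triages each dependency against a constructed advisory list (placeholder identifiers, not real CVEs), constructed last-release dates, and a pinning policy. The package names, advisory ids, dates, and the two-year "unmaintained" threshold are all assumptions chosen for the example.

```python
"""Triage a dependency inventory against three risk classes:
known vulnerabilities, unmaintained projects, and unpinned versions.
Every input below is constructed sample data for this example."""
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# Constructed lockfile (pip requirements style); not a real project.
LOCKFILE = """\
requests==2.25.0
leftpad-utils==0.3.1
cryptolib>=1.0          # version range, not a reproducible pin
yaml-parse==4.2.0
"""

# Constructed advisory feed: package -> [(affected versions, advisory id)].
# The ids are placeholders, not real CVE numbers.
ADVISORIES: Dict[str, List[Tuple[set, str]]] = {
    "requests": [({"2.25.0", "2.25.1"}, "ADV-EXAMPLE-001")],
    "yaml-parse": [({"4.2.0"}, "ADV-EXAMPLE-002")],
}

# Constructed release metadata: package -> date of its latest release.
LAST_RELEASE: Dict[str, date] = {
    "requests": date(2024, 5, 1),
    "leftpad-utils": date(2018, 2, 14),
    "cryptolib": date(2023, 9, 30),
    "yaml-parse": date(2024, 1, 10),
}

UNMAINTAINED_AFTER_DAYS = 730  # assumed policy: two years without a release


@dataclass
class Finding:
    package: str
    version: Optional[str]
    risk: str      # known-vulnerability | unmaintained | unpinned | no-release-metadata
    detail: str


def parse_lockfile(text: str) -> List[Tuple[str, Optional[str]]]:
    """Return (name, version) pairs; version is None unless pinned with '=='."""
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        if "==" in line:
            name, ver = line.split("==", 1)
            deps.append((name.strip().lower(), ver.strip()))
        else:
            # Any other specifier (>=, ~=, none) lets the resolver pick a
            # version at install time, so it cannot be matched to advisories.
            name = re.split(r"[<>=~!]", line, 1)[0].strip().lower()
            deps.append((name, None))
    return deps


def triage(lockfile_text: str, advisories, last_release, today: date,
           unmaintained_after_days: int = UNMAINTAINED_AFTER_DAYS) -> List[Finding]:
    """Flag each dependency against the three risk classes."""
    findings: List[Finding] = []
    for name, ver in parse_lockfile(lockfile_text):
        if ver is None:
            findings.append(Finding(name, None, "unpinned",
                                    "version range allows silent upgrades; pin and review"))
        else:
            for affected, adv_id in advisories.get(name, []):
                if ver in affected:
                    findings.append(Finding(name, ver, "known-vulnerability", adv_id))
        released = last_release.get(name)
        if released is None:
            findings.append(Finding(name, ver, "no-release-metadata",
                                    "cannot judge maintenance status"))
        elif (today - released).days > unmaintained_after_days:
            findings.append(Finding(name, ver, "unmaintained",
                                    f"last release {released.isoformat()}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per risk class, e.g. for a CI gate or dashboard."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.risk] = counts.get(f.risk, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(LOCKFILE, ADVISORIES, LAST_RELEASE, date(2024, 6, 1)):
        print(f"{f.risk:20} {f.package}=={f.version or '*'}  {f.detail}")
    print(summarize(triage(LOCKFILE, ADVISORIES, LAST_RELEASE, date(2024, 6, 1))))
```

In a real pipeline the advisory feed and release metadata would come from an SCA tool or the package index rather than inline dicts, but the decision logic stays the same: pinned versions can be matched to advisories, unpinned ones cannot and are a finding in themselves, and a long gap since the last release is a maintenance signal worth reviewing rather than proof of abandonment.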

In this Tech Talk, we'll take a look at typical threats and risks with third-party components and find pragmatic approaches to managing the risk while staying productive.

Key Learnings

  • Classes of threats to consider when using third-party dependencies in software development.
  • General policies to reduce the third-party risk for most development projects.
  • The benefits of visibility and risk reduction through automation.

Who It's For

Software developers, software project managers, software product managers, and information security professionals.
