Capslock: What is your code really capable of? (security.googleblog.com)
from tedu@inks.tedunangst.com to inks@inks.tedunangst.com on 17 Sep 2023 02:39
https://inks.tedunangst.com/l/5036

Avoiding bad dependencies can be hard without appropriate information on what the dependency’s code actually does, and reviewing every line of that code is an immense task. Every dependency also brings its own dependencies, compounding the need for review across an expanding web of transitive dependencies. But what if there was an easy way to know the capabilities (the privileged operations accessed by the code) of your dependencies?

#development #inks #security
