DevOps 064: Software Dependencies: Do you Know What’s Lurking in your Software?

Charles is joined by Caleb Fornari and Jeffrey Groman as we discuss the challenges of public versus private package managers and the security implications of using public repositories.PanelCaleb FornariCharles Max WoodJeffrey GromanSponsorsDev Heroes AcceleratorLinksAdventures in DevOps - Devchat.tvDependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other CompaniesDevchat.tv | JSJ 357: Event-Stream & Package Vulnerabilities with Richard Feldman and Hillel WayneMalicious code found in npm package event-stream downloaded 8 million times in the past 2.5 monthsGitHub | The Node Security PlatformPicksCaleb- Have a plan to mitigate damage if someone is able to get inside your network. Don’t just secure the public side of your technical infrastructure, make sure your internal security as just as strong as your external security.Charles- Dev Heroes Accelerator | Devchat.tvCharles-  The Umbrella Academy | NetflixCharles- Personal RetreatJeffrey- Asset management: Know and document where all of your digital assets reside. Whether servers, VMs, EC2 instances, and all of your structured and unstructured data.Jeffrey- You can’t secure what you don’t know about  Advertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacyBecome a supporter of this podcast: https://www.spreaker.com/podcast/adventures-in-devops--6102036/support.