
Clean Up Your Code Libraries | Q&A with Jim Manico

Jim Manico is the author of “Iron-Clad Java: Building Secure Web Applications” and founder of Manicode Security, which trains software developers on secure coding.


Recent reports that the Codecov Bash Uploader was modified by attackers to steal developers’ credentials are more proof that sophisticated attackers are targeting developers through their code repositories and libraries.

This puts the onus on developers to protect the third-party code libraries they depend on, Manico asserts. That protection starts with taking inventory of your libraries and removing those you don’t need and are not using.
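One concrete way to start that inventory is to compare what a project declares as a dependency with what its code actually imports. The script below is an added example written for this page; it is not code from the original post, from Manico, or from any tool named here. It works on constructed sample inputs (an in-memory requirements file and two source files) so it runs offline, and the module-to-distribution map is a stand-in assumption; on an installed Python 3.10+ environment, importlib.metadata.packages_distributions() provides the real mapping.

```python
"""Audit declared Python dependencies against what the code actually imports."""
import ast
import re
import sys

# Constructed sample inputs for this example (not from any real project).
REQUIREMENTS_TXT = """\
requests==2.31.0
PyYAML>=6.0
# transitive pin left behind after a refactor
urllib3==1.26.18
beautifulsoup4==4.12.2
flask[async]==3.0.0 ; python_version >= "3.8"
-r dev-requirements.txt
"""

SOURCE_FILES = {
    "app/main.py": "import os\nimport requests\nfrom flask import Flask\n",
    "app/config.py": "import yaml\nimport jwt\nimport os.path as osp\n",
}

# Importable top-level module -> distribution name. Assumed here so the example
# runs offline; in a real environment derive it from
# importlib.metadata.packages_distributions() (Python 3.10+).
MODULE_TO_DIST = {"yaml": "pyyaml", "bs4": "beautifulsoup4"}

_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalization so 'PyYAML' and 'pyyaml' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def declared_packages(requirements: str) -> set[str]:
    """Distribution names in a requirements file, ignoring comments, options (-r/-e), extras and markers."""
    names = set()
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        # Drop the environment marker, then take the leading name token
        # (stops at '[', '=', '>', '<', '@' or whitespace).
        match = _NAME_RE.match(line.split(";", 1)[0])
        if match:
            names.add(normalize(match.group(1)))
    return names


def imported_modules(source: str) -> set[str]:
    """Top-level module names imported by one source file, found via the AST rather than grep."""
    modules = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            modules.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            modules.add(node.module.split(".")[0])  # relative imports are skipped
    return modules


def audit(requirements: str, sources: dict[str, str]) -> dict[str, set[str]]:
    """Return declared-but-unused and imported-but-undeclared distributions."""
    declared = declared_packages(requirements)
    # sys.stdlib_module_names exists on 3.10+; the fallback is a deliberately partial list.
    stdlib = getattr(sys, "stdlib_module_names", frozenset({"os", "sys", "re", "json"}))
    used = set()
    for text in sources.values():
        for module in imported_modules(text):
            if module in stdlib:
                continue
            used.add(normalize(MODULE_TO_DIST.get(module, module)))
    return {"unused": declared - used, "undeclared": used - declared}


if __name__ == "__main__":
    for kind, names in audit(REQUIREMENTS_TXT, SOURCE_FILES).items():
        print(f"{kind}: {sorted(names) or '-'}")
```

On the sample input the report flags urllib3 and beautifulsoup4 as declared but never imported (candidates for removal) and jwt as imported but never declared (a dependency that is only present by accident of the environment). Parsing imports from the AST instead of grepping avoids false matches in strings and comments, and normalizing names keeps PyYAML and pyyaml from being counted as different packages.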


“We all have this third-party library legacy debt. It’s in every organization that builds software now. I’m saying be judicious in your use of third-party libraries,” he suggests.

Training developers to program more securely, with awareness of interdependencies, is easier if the library sources are clean. And to support developers’ workflow, testing and feedback loops should operate at the speed the developers do, or ‘lightning fast’, with an acceptable level of accuracy, Manico says.


*** This is a Security Bloggers Network syndicated blog from Shift Left authored by Deb Radcliff. Read the original post at: https://shiftleft.grammatech.com/clean-up-your-code-libraries-jim-manico
