Don't Be Afraid to Re-Invent the Wheel
The article discusses the risks and benefits of using external codebases in software development, emphasizing the importance of security, efficiency, and the potential advantages of building internal solutions.
In the current landscape of software development, the abundance of frameworks, libraries, and plugins presents both opportunities and risks. External codebases can accelerate development and reduce costs, but they also introduce security concerns and dependencies that complicate project management. Developers must recognize that they are ultimately responsible for every line of code in their projects, regardless of its origin. Relying on external libraries creates a web of transitive dependencies, each of which enlarges the attack surface and adds code that must be reviewed, patched, and kept current. Moreover, maintaining and integrating these external resources can consume time that could be better spent on developing internal solutions. The article emphasizes the importance of evaluating the long-term implications of using external codebases, suggesting that building a focused internal codebase may often be more efficient and more secure. The author shares their experience with BotBarrier, where they opted to minimize dependencies by developing their own solutions, thereby keeping control over their product and reducing the risks associated with external codebases. Ultimately, the piece advocates careful consideration of when to adopt external resources and encourages developers to prioritize security and efficiency in their projects.
- External codebases can introduce significant security risks and dependencies.
- Developers are responsible for all code in their projects, regardless of its source.
- Building internal solutions can often be more efficient and secure than relying on external libraries.
- Managing dependencies can complicate project maintenance and increase vulnerability.
- Careful evaluation of external resources is essential for effective project management.
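To make the "web of dependencies" point concrete, here is an added example (not from the article, and not BotBarrier's code) that walks a constructed npm lockfile in the lockfileVersion 3 layout and reports, for each direct dependency, how many packages it actually pulls in, plus any package that ships in more than one version. Every package name, version, and URL in the sample is invented; the resolution rule it implements is Node's nearest-`node_modules`-first lookup, which is why a nested duplicate such as `router/node_modules/tiny-util` is counted separately from the top-level copy.

```python
from collections import deque

# Constructed sample lockfile (npm lockfileVersion 3 layout). Not a real project;
# all names, versions and URLs are invented for illustration.
# The root declares two direct dependencies: "string-trim" is self-contained,
# "web-framework" drags in a small tree, including a second copy of "tiny-util".
SAMPLE_LOCK = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"web-framework": "^2.0.0", "string-trim": "^1.0.0"}},
        "node_modules/string-trim": {
            "version": "1.0.3",
            "resolved": "https://registry.example/string-trim-1.0.3.tgz",
        },
        "node_modules/web-framework": {
            "version": "2.4.1",
            "dependencies": {"router": "^3.0.0", "tiny-util": "^2.0.0"},
        },
        "node_modules/router": {
            "version": "3.1.0",
            "dependencies": {"path-match": "^1.0.0", "tiny-util": "^1.0.0"},
        },
        "node_modules/router/node_modules/tiny-util": {"version": "1.9.9"},
        "node_modules/path-match": {"version": "1.2.0"},
        "node_modules/tiny-util": {"version": "2.0.1"},
    },
}


def resolve(packages, from_path, name):
    """Return the lockfile key that `name` resolves to when required from `from_path`.

    Mirrors Node's lookup order: the nearest node_modules directory first, then
    each enclosing one, ending at the project root (key "").
    """
    path = from_path
    while True:
        candidate = f"{path}/node_modules/{name}" if path else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not path:
            return None
        # Step up one level: ".../node_modules/x" -> "..."; top-level -> root.
        idx = path.rfind("/node_modules/")
        path = path[:idx] if idx != -1 else ""


def closure(packages, root_path=""):
    """Map each direct dependency of `root_path` to the set of lockfile entries
    it transitively brings in (breadth-first walk over the resolved graph)."""
    result = {}
    for name in packages.get(root_path, {}).get("dependencies", {}):
        start = resolve(packages, root_path, name)
        seen = set()
        queue = deque([start]) if start else deque()
        while queue:
            current = queue.popleft()
            if current in seen:
                continue
            seen.add(current)
            for dep in packages[current].get("dependencies", {}):
                target = resolve(packages, current, dep)
                if target and target not in seen:
                    queue.append(target)
        result[name] = seen
    return result


def duplicate_versions(packages):
    """Packages installed under more than one version: code you ship twice
    and must patch twice."""
    versions = {}
    for path, entry in packages.items():
        if not path:
            continue
        name = path.rsplit("node_modules/", 1)[1]  # keeps "@scope/name" intact
        versions.setdefault(name, set()).add(entry["version"])
    return {n: sorted(v) for n, v in versions.items() if len(v) > 1}


def summarize(lock):
    """Counts a reviewer would want before accepting a dependency."""
    packages = lock["packages"]
    per_direct = closure(packages)
    all_paths = set().union(*per_direct.values()) if per_direct else set()
    return {
        "direct": len(per_direct),
        "total": len(all_paths),
        "per_direct": {name: len(paths) for name, paths in per_direct.items()},
        "duplicates": duplicate_versions(packages),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOCK)
    print(f"{report['direct']} direct dependencies, {report['total']} packages to own")
    for name, count in report["per_direct"].items():
        print(f"  {name}: {count} package(s)")
    for name, versions in report["duplicates"].items():
        print(f"  duplicate: {name} at versions {', '.join(versions)}")
```

Run against a real `package-lock.json` by loading it with `json.load` and passing the result to `summarize`; the per-dependency count is the number of packages whose code you are answering for, which is the figure to compare against the effort of writing the functionality yourself.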
Related
Ask HN: Pragmatic way to avoid supply chain attacks as a developer
The article addresses the security risks of managing software dependencies, highlighting a specific incident of a compromised package. It debates the effectiveness of containers versus VMs and seeks practical solutions.
Micro-libraries need to die already
The article critiques micro-libraries for introducing complexity and security risks, advocating for developers to use simple utility functions instead, which can reduce dependency issues and improve code efficiency.
How to Tame Evil Dependencies
Dependencies among software development teams can hinder project success, increasing time-to-market and failures. Effective management involves reframing dependencies as risks and employing strategies like minimization, mitigation, and knowledge sharing.
⓿ dependencies!
Minimizing dependencies in software development enhances quality and performance. Developers should use built-in libraries, and library creators should aim for zero dependencies, potentially signified by a GitHub badge.
Our Software Dependency Problem (2019)
The article highlights the increasing reliance on software dependencies in programming, emphasizing the need for thorough inspection and better tools to assess associated risks and ensure software security.
But there is a good chance it will matter for you!
How many people do you think got fired for the Log4j RCE for using the library? How many people got fired for the Heartbleed vulnerability for using OpenSSL?
What would have happened if you had written those vulnerabilities yourself?
Also, if you have the same vulnerabilities as everyone else, the news coverage is diluted.
There is a line that has to be drawn between "depends on legendarily well tested database" and "depends on 20 pieces of random npm code where the import statement is longer than the source code". Do you really need to import an external dependency that removes whitespace at the end of a string?
Unless you are one of the people who really vet their dependencies heavily, surely dependencies are just used because they save you time and you trust others that it is going to be okay. This is why we need harder liability laws for software errors.