TalkSecure

Clean Up Your Code Libraries | Q&A with Jim Manico

Jim Manico is the author of “Iron-Clad Java: Building Secure Web Applications” and founder of Manicode Security, which trains software developers on secure coding.

Recent reports of Codecov Bash Uploaders infected with malware intended to steal developers’ credentials are more proof that sophisticated attackers are targeting developers through their code repositories and libraries.

This puts the onus on third-party developers to protect their code libraries, asserts Jim Manico, author of “Iron-Clad Java: Building Secure Web Applications” and founder of Manicode Security, which trains software developers on secure coding. That protection starts with assessing your libraries and removing those you don’t need and are not using.

“We all have this third-party library legacy debt. It’s in every organization that builds software now. I’m saying be judicious in your use of third-party libraries,” he suggests.

Training developers to program more securely with awareness of interdependencies is easier if the library sources are clean. And to support developers’ workflow, testing and feedback loops should operate at the speed the developers do, or ‘lightning fast’ with an acceptable level of accuracy, Manico says.
