Overview
Explore a comprehensive analysis of software dependency behaviors and security risks in this 19-minute conference talk from OpenSSF. Learn how to evaluate the capabilities and potential vulnerabilities of software packages before incorporating them into your projects. Discover data-driven insights comparing packages with known CVE records against those without security issues, and understand how to identify signals that indicate a package's security posture. Examine the risks associated with various dependency capabilities (what a package can do once installed, such as accessing the network, the filesystem or process execution) and develop strategies for making informed decisions when upgrading or adding new dependencies to your software stack. Gain practical knowledge about what to look for when evaluating new dependencies and how their specific capabilities may introduce security risks to your applications. The talk is supported by an analysis of thousands of packages extracted from various package managers and stored on GitLab.com for detailed source code examination.
Syllabus
What Is This Package Even Doing? Analyzing Behaviors of Our Software Dependencies - Isaac Dawson
Taught by
OpenSSF