Clean Up Your Code Libraries | Q&A with Jim Manico

May 4, 2021

Jim Manico is the author of “Iron-Clad Java: Building Secure Web Applications” and founder of Manicode Security, which trains software developers on secure coding.

Recent reports of Codecov Bash Uploaders infected with malware intent on stealing developers’ credentials are more proof that sophisticated attackers are targeting developers through their code repositories and libraries.

This puts the onus on third-party developers to protect their code libraries, asserts Jim Manico, author of “Iron-Clad Java: Building Secure Web Applications” and founder of Manicode Security, which trains software developers on secure coding. That protection starts with assessing your libraries and removing those you don’t need and are not using.

“We all have this third-party library legacy debt. It’s in every organization that builds software now. I’m saying be judicious in your use of third-party libraries,” he suggests.

Training developers to program more securely, with awareness of interdependencies, is easier if the library sources are clean. And to support developers’ workflow, testing and feedback loops should operate at the speed the developers do, or ‘lightning fast’ with an acceptable level of accuracy, Manico says.
