How do you manage risk of internal and third-party software libraries used in code?

cmcnicholas · 10 August 2023 18:03

cmcnicholas · 10 August 2023 18:04

Alloy takes comprehensive measures to manage the supply chain of both internal and third-party software libraries in their code. This includes regular checks for patches and security updates, a careful assessment of library suitability by the component tech lead, automated testing with every change involving external libraries, and adherence to the principle of least privilege. Furthermore, routine penetration tests are conducted to identify vulnerabilities in dependencies. It’s worth noting that Causeway maintains ISO27001 certification, which guarantees stringent standards for secure development and change control.

Topic		Replies	Views
What processes do you have to handle configuration and secrets management to ensure the integrity of Alloy through development, testing and deployment? General security	1	50	10 August 2023
Do you automate integration and deployment pipelines and how do you enforce security, consistency and auditing? Infrastructure development	1	88	10 August 2023
Does any part of the solution being provided contain proprietary software? General development	1	67	30 July 2021
How are potential new threats, vulnerabilities or exploitation techniques assessed? Infrastructure security	1	67	30 July 2021
Are changes to the service assessed for any potential security impact? General development	1	80	30 July 2021

How do you manage risk of internal and third-party software libraries used in code?

Related Topics