How do you manage risk of internal and third-party software libraries used in code?
Alloy takes comprehensive measures to manage the supply chain of both internal and third-party software libraries in their code. This includes regular checks for patches and security updates, a careful assessment of library suitability by the component tech lead, automated testing with every change involving external libraries, and adherence to the principle of least privilege. Furthermore, routine penetration tests are conducted to identify vulnerabilities in dependencies. It’s worth noting that Causeway maintains ISO27001 certification, which guarantees stringent standards for secure development and change control.