Managing Your Security Product in the Cloud, Like a Spartan — Hysolate

Your on-premise products rely on open-source software

Best Practices for a Vulnerability-free Management Product

  • Embrace an automatic vulnerability scanner as part of your development process. There are essentially two ways a new third-party vulnerability can show up in your product: either a vulnerability is disclosed in a dependency you already use, or a developer adds a new dependency that is already known to be vulnerable. An automatic scanner catches both, provided it runs in both places where they can happen: on every change, to flag a newly added vulnerable package before it is merged, and on a schedule or on every build, so that an advisory published against a dependency you already ship is surfaced even when nobody touches the code. In Hysolate's case, we use an automated npm audit scan, since the third-party packages in our Management Service are JavaScript packages.
  • Consider using a paid vulnerability scanning tool. If you're using multiple types of packages in your project, or developing in multiple programming languages, you should definitely consider a commercial scanning tool such as WhiteSource, Synopsys, or Snyk. These tools claim larger vulnerability databases and dedicated security research teams, and they often provide additional capabilities such as static code analysis.
  • If you're using a private GitHub repository, enable GitHub's alerts for vulnerable dependencies. If you have already adopted one of the recommendations above, you are already covered; the only reason to enable this one as well is that it is so easy: within three mouse clicks, GitHub will be scanning your dependencies for you. Public GitHub repositories have this feature enabled by default, so this tip only matters if your code is hosted in a private repository.
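As an added example (not code from the Hysolate post or product), here is how the npm audit check from the first point can be turned into a build gate with a reviewed allow-list. It parses the report shape that npm 7 and later emit for `npm audit --json` (a `vulnerabilities` object keyed by package name, each entry carrying a `via` array of advisories); the sample report, package names, advisory URLs and titles are constructed placeholders. For a plain severity threshold with no exceptions, `npm audit --audit-level=high` already exits non-zero on its own; the script adds the per-advisory exception list that a real pipeline usually ends up needing, so that an accepted finding is still printed but no longer blocks.

```javascript
// Added example, not Hysolate's code: a small CI gate over `npm audit --json`
// (npm 7+ report shape). Package names, advisory URLs and titles in the sample
// report are constructed placeholders, not real packages or advisories.
const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

function severityRank(sev) {
  const i = SEVERITY_ORDER.indexOf(sev);
  if (i < 0) throw new Error(`unknown npm audit severity: ${sev}`);
  return i;
}

// Decide whether a report should fail the build.
//   failAt: lowest severity that blocks (default 'high').
//   allow:  advisory URLs a human has reviewed and accepted (e.g. the vulnerable
//           code path is unreachable); they are still reported but never block.
// Each entry's `via` array mixes advisory objects (the root cause, reported here)
// with plain strings naming another vulnerable package the entry depends on; the
// string form is skipped because the root advisory is reported under that package.
function evaluateAudit(report, { failAt = 'high', allow = [] } = {}) {
  if (!report || !report.vulnerabilities || typeof report.vulnerabilities !== 'object') {
    throw new Error('expected an npm 7+ `npm audit --json` report with a "vulnerabilities" object');
  }
  const threshold = severityRank(failAt);
  const allowed = new Set(allow);
  const findings = [];
  for (const [pkg, entry] of Object.entries(report.vulnerabilities)) {
    for (const via of entry.via || []) {
      if (typeof via !== 'object') continue;
      findings.push({
        package: pkg,
        advisory: via.url,
        title: via.title,
        severity: via.severity,
        direct: Boolean(entry.isDirect),
        // npm reports `false`, `true`, or an object describing a semver-major fix
        fixAvailable: Boolean(entry.fixAvailable),
        blocking: severityRank(via.severity) >= threshold && !allowed.has(via.url),
      });
    }
  }
  findings.sort((a, b) => severityRank(b.severity) - severityRank(a.severity));
  return { fail: findings.some(f => f.blocking), findings };
}

// One line per finding, suitable for a CI log.
function formatFindings(result) {
  return result.findings.map(f =>
    `${f.blocking ? 'BLOCK' : 'warn '} ${f.severity.padEnd(8)} ${f.package}` +
    `${f.direct ? ' (direct)' : ''}: ${f.title} ${f.advisory}` +
    `${f.fixAvailable ? '' : ' [no fix available]'}`);
}

// Constructed sample report in the npm 7+ shape.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'pkg-a': {
      name: 'pkg-a', severity: 'high', isDirect: true,
      via: [{ source: 1001, name: 'pkg-a', dependency: 'pkg-a',
              title: 'Constructed: path traversal', url: 'https://example.invalid/advisories/EX-1001',
              severity: 'high', range: '<2.0.0' }],
      effects: ['pkg-d'], range: '<2.0.0', nodes: ['node_modules/pkg-a'], fixAvailable: false,
    },
    'pkg-b': {
      name: 'pkg-b', severity: 'moderate', isDirect: false,
      via: [{ source: 1002, name: 'pkg-b', dependency: 'pkg-b',
              title: 'Constructed: ReDoS', url: 'https://example.invalid/advisories/EX-1002',
              severity: 'moderate', range: '<1.4.2' }],
      effects: [], range: '<1.4.2', nodes: ['node_modules/pkg-b'], fixAvailable: true,
    },
    'pkg-c': {
      name: 'pkg-c', severity: 'critical', isDirect: true,
      via: [{ source: 1003, name: 'pkg-c', dependency: 'pkg-c',
              title: 'Constructed: prototype pollution', url: 'https://example.invalid/advisories/EX-1003',
              severity: 'critical', range: '<3.0.0' }],
      effects: [], range: '<3.0.0', nodes: ['node_modules/pkg-c'],
      fixAvailable: { name: 'pkg-c', version: '3.1.0', isSemVerMajor: true },
    },
    // Vulnerable only through pkg-a: `via` is a string, so no separate finding.
    'pkg-d': {
      name: 'pkg-d', severity: 'high', isDirect: true, via: ['pkg-a'],
      effects: [], range: '*', nodes: ['node_modules/pkg-d'], fixAvailable: false,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 2, critical: 1, total: 4 } },
};

if (typeof require !== 'undefined' && require.main === module) {
  // EX-1003 has been reviewed and accepted: it is printed but does not block.
  const result = evaluateAudit(SAMPLE_REPORT, {
    failAt: 'high', allow: ['https://example.invalid/advisories/EX-1003'],
  });
  console.log(formatFindings(result).join('\n'));
  console.log(result.fail ? 'audit gate: FAIL' : 'audit gate: pass');
}
```

To wire it into a pipeline, replace the sample report with `JSON.parse(require('fs').readFileSync(0, 'utf8'))`, pipe `npm audit --json` into the script, and end with `process.exit(result.fail ? 1 : 0)`; npm audit exits non-zero on its own whenever it finds anything, so do not let that status pre-empt the gate. Keep the allow-list in version control so every accepted advisory has a reviewer and a date attached, and treat a blocking finding with no fix available as a signal to replace the dependency rather than to extend the list.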

You have a great security team, but you are not Amazon

If it’s on-premise, and we’ve got COVID-19, is it really on-premise?

Summary (choose your battlefield)

About the Author


Hysolate

Hysolate is a software platform that enables locally deploying and remotely managing virtual, secured, environments on a single endpoint.