New Shiny Library or Popular Shiny Library? Build More Secure Software by Choosing Newer Libraries

When selecting a third-party library, many software engineers simply choose the one with the highest popularity. Does a library's recent activity provide the best heuristic to minimize security risks and ensure good code quality?SonarQube, an open-source static code analysis tool, measures software...

By

Kenneth Po

June 16, 2022

All papers are copyrighted. No re-posting of papers is permitted

Related Content

Coolest Careers Poster

SANSがおすすめするサイバーセキュリティの仕事20選: DevSecOps エンジニア

DevSecOps エンジニアの主な業務や、スキルアップのためのSANSのおすすめのコースを紹介します！

Cloud Security, DevSecOps

February 10, 2023

What is DevSecOps

Part one of a four-part blog series about what’s needed to shake, shimmy, and shift left

Stacey Dunn

What's New in SEC540: Cloud Security and DevSecOps Automation

The Cloud Moves Fast. Automate to Keep Up.