Library Inventory
We’ll start by taking an inventory of the third-party dependencies in the software your organization builds. An accurate inventory is the foundation of a worthwhile patching process. You can’t patch it if you don’t know you’re using it.
One day in the future, and I can’t tell you when, you’re going to come to work and find out that there’s a terrible vulnerability in some widely used piece of software. We’ve seen this happen many times in the past, and even though we don’t know which software or when, we know it will happen again. How will you respond when this happens?
If you wait for the announcement to inventory your third-party software, you’ll have to learn as you go. All the while, customers will flood your support channels ...