Talk: Should You Bring That Package in Your House?
It would be difficult to imagine writing code today without the benefit of package managers. It would be like water skiing with a friend pulling you along in a rowboat. Package managers are a huge boost to code reuse and developer productivity. But do they come with a dark side?
Is this a security talk? Any time there is something good on the internet, there are bad actors looking to exploit it. This talk covers some of the threats that package managers, and the packages they host, bring to developers. It also highlights some existing mitigations and examines whether they are effective. To cap it off, the talk proposes some ideas for better security in the future. While the talk focuses mostly on the NuGet package manager, the principles apply to nearly every package manager.