UPDATED 18:30 EST / AUGUST 01 2017

APPS

Snyk tackles security risk in open-sourced Node.js libraries

In modern web applications based on open-sourced libraries, often times developers are not aware of just how much dependency there is on risky third-party software packages. Guy Podjarny (pictured), co-founder and chief executive officer at Snyk Ltd., explained how his company is ensuring developers are working with Node.js packages free from security flaws. Node.js is an open-source JavaScript runtime based on Chrome’s V8 engine.

“Snyk deals with open-source security, specifically in Node.js in the world of NPM [Node Package Manager]. NPM is amazing and allows us to build on the shoulders of giants. But there are some inherent security risks with just pulling code off the internet and running it in your application,” Podjarny said. 

Snyk spoke with Jeff Frick (@JeffFrick), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during Node Summit in San Francisco.

Dependency on risky code

Podjarny provided an extreme example of how one simple application can be exposed to a potentially large number of security threats.

“It has 19 lines of code, which uses two packages, which in turn uses 19 packages, which bring in 190,000 lines of code.… The majority of code in your application, especially with Node, is not first-party; it’s third-party code. And that means most of your security risk crops up there,” Podjarny said. 

The trend toward server-less computing is driving more risk up the stack into the application space where developers spend more of their time implementing custom code based on NPM packages, Podjarny explained.

“A lot of the lower levels get abstracted away. You don’t need to manage servers or operating systems. With that, a lot of security concerns go away which focuses the attackers on the application.… So platform as a service really increases the importance of dealing with application security well,” Podjarny concluded.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of Node Summit 2017.

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU