UPDATED 18:30 EDT / AUGUST 01 2017

Snyk tackles security risk in open-sourced Node.js libraries

In modern web applications built on open-source libraries, developers are often unaware of just how much they depend on risky third-party software packages. Guy Podjarny (pictured), co-founder and chief executive officer at Snyk Ltd., explained how his company is ensuring developers are working with Node.js packages free from security flaws. Node.js is an open-source JavaScript runtime based on Chrome’s V8 engine.

“Snyk deals with open-source security, specifically in Node.js in the world of NPM [Node Package Manager]. NPM is amazing and allows us to build on the shoulders of giants. But there are some inherent security risks with just pulling code off the internet and running it in your application,” Podjarny said. 

Snyk spoke with Jeff Frick (@JeffFrick), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during Node Summit in San Francisco.

Dependency on risky code

Podjarny provided an extreme example of how one simple application can be exposed to a potentially large number of security threats.

“It has 19 lines of code, which uses two packages, which in turn uses 19 packages, which bring in 190,000 lines of code.… The majority of code in your application, especially with Node, is not first-party; it’s third-party code. And that means most of your security risk crops up there,” Podjarny said. 

The trend toward serverless computing is pushing more risk up the stack into the application layer, where developers spend more of their time implementing custom code based on NPM packages, Podjarny explained.

“A lot of the lower levels get abstracted away. You don’t need to manage servers or operating systems. With that, a lot of security concerns go away, which focuses the attackers on the application.… So platform as a service really increases the importance of dealing with application security well,” Podjarny concluded.
