The article explains how you can be constantly informed about security vulnerabilities for dependencies in just a few steps. Although this does not guarantee absolute security, with a minimum amount of effort it does avoid one of the ten most common security flaws in software (according to OWASP).
You can read the complete article here.
Johannes works as a Solution Architect and writes his own blog in his free time. So it makes perfect sense that he is the initiator and writer of the TRIOLOGY corporate blog. You can find his articles here.
I put a few questions to Johannes about his current article and his activities within the community:
- Johannes, why is the topic “Automatic checks for vulnerabilities in Java project dependencies” so important?
It is usually implicitly expected by clients that the software is secure, but no explicit requirements in relation to this actually exist. In order to reconcile economic feasibility and quality, this automated examination method makes sense. The most common faults can be avoided with just a little effort, and it is for this reason that every developer should use this method.
- What role does this approach play in the software development process?
Due to the fact that the tool OWASP Dependency Check, which is described in the article, is not yet so well known, it is also not used in the majority of projects. With this tool, known security vulnerabilities can be easily avoided, and this is why it certainly has an important role to play in the software development process.
- How should IT security be treated within the company?
A significant consciousness and understanding for security should exist, both among clients as well as among the developers. The customer needs to understand that the system can be “broken into”, just like a house can be broken into for example, and that an investment in the security of systems is a good one to make.
Security is a quality characteristic of software and, for this reason, should absolutely be taken into consideration.
- You also have your own private blog. What made you start writing blogs?
The motivation to write the blog came from searching on the internet for topics myself, but not finding them. Besides, I also enjoy writing, and benefit from my blog myself because I can use it as a “reference”.
- How did you come up with the name for your blog “IT affinity!”?
I stumbled across a job description in which a requirement for the employee was “IT-Affinity”, and I found that the term was a good match for my blog. IT affinity applies to me both in my job, as well as in my free time.
- What other blogs on this topic could you recommend?
I can only think of the blogger Martin Fowler, who stimulated fundamental ideas, patterns and trends in software development.
Thanks Johannes for that glimpse “behind the scenes”.