Supply chain security
It should be obvious to anyone paying attention that software has always had a security problem. This problem is getting worse because software usage continues to increase and to cover more and more areas of our daily lives.
There are two parts to improving security: the cybersecurity experts, who can find vulnerabilities and build protection tools, and the software developers, who need to find security issues before release and manage the accompanying risks. We know there’s no perfectly secure software, but we also know that things can get much better.
A specific area of this increased protection is managing the potential vulnerabilities that come with the libraries we use. There are two situations: either vulnerabilities were introduced unknowingly, or they were injected on purpose by a malicious actor.
In all fairness, this can happen to any technology, and many of the high-profile C++ libraries are reviewed for security by large companies that use...