Over the last week I’ve been heads-down on core Dasher work, but with very little visible result. Here’s why.
Early last week I received an email telling me that it was time to dig into Dasher’s use of 3rd party components and make sure there weren’t any security issues. (This isn’t something unusual – all our products go through this, and many of our research projects, too.) As anyone working on web development projects will know, it’s important to go through from time to time to reduce the technical debt that accumulates due to the use of old libraries and components that have been deprecated, superseded or just plain improved. Old open source libraries present a huge security risk for companies, as hackers scan for vulnerabilities they can exploit, and it’s pretty straightforward to understand what libraries and components a web-based tool uses (in the front-end, at least).
When I looked at Dasher I realised it had been way too long since I’d gone through and…