[Cryptography] Quicksand
Jerry Leichter
leichter at lrw.com
Mon May 28 16:29:29 EDT 2018
Interesting and scary analysis of the "state of play" for JavaScript code in the wild. Quick summary: Pretty much every page out there relies on a variety of libraries, but almost no one keeps up to date with the (frequent) security patches those libraries need. And the library maintainers don't even bother to publicize the security updates they make, so keeping up to date is extremely difficult. Since it's difficult, no one does it. Lather, rinse, repeat.
"Thou Shalt Not Depend on Me: A look at JavaScript libraries in the wild"
https://queue.acm.org/detail.cfm?id=3205288
-- Jerry