![]() To properly plan for such situations, IT and engineering organizations should implement a policy which identifies any third party libraries, services, components and APIs and then monitors for changes in these dependencies. ![]() A decision made by a third party could easily have a significant impact on operations, and potentially be an impact which is challenging to securely mitigate. ![]() While the Tampermonkey and Opera teams have come to a resolution which removed Tampermonkey from the blacklist, this situation highlights a requirement for all IT organizations and engineering teams to clearly understand their dependencies are. The net result being that legitimate Opera users of Tampermonkey were also impacted. Upon inspecting Tampermonkey , Opera determined that blacklisting it was the most effective way to black the malicious application. In this case, it appears Opera identified a specific version of a component,Tampermonkey, which, in addition to being legitimate, was also being distributed with a malicious application. Modern software is a combination of libraries, third party components and third party services – in addition to the custom code created. “While in blacklisting a specific version of Tampermonkey , Opera acted out of concern for the security of their end users, this situation highlights the risks present in modern applications.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |