DeveloperWeek 2019 has ended
Welcome to DEVELOPERWEEK 2019.  Build the future.
Back To Schedule
Thursday, February 21 • 3:00pm - 3:25pm
PRO TALK: Building a Threat Model, and How npm Fits into It

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
In an npm, Inc. survey of over 16,000 worldwide developers, 97% of JavaScript developers confirm they use open source code, 77% express concern about whether the open source software they use is secure, and 52% believe that there aren’t satisfactory methods for evaluating whether code is safe. Without built-in security protections, developers must rely on manual code reviews of complex, interdependent software packages, or third-party scans and audits that introduce additional complexity into developer workflows. Who might want to attack your application? If they tried, how would they succeed? Answering these questions is an important exercise that helps you understand how to keep your application secure, so you can sleep at night. Adam will discuss what threat modeling is and how to build threat models for development organizations and applications. And because npm is such a critical part of how developers build JavaScript applications, Adam will demonstrate how npm fits into threat models and how to use npm's tools to keep your JavaScript secure. Adam will also discuss the July 2018 “es-lint” incident, in which npm prevented a potential security event made possible when a developer re-used an old password.

avatar for Adam Baldwin

Adam Baldwin

Head of Security, npm, Inc.
Adam Baldwin is Head of Security at npm Inc., the company that powers the world’s JavaScript. An information security professional with over 24 years of experience, Adam has spent his career building companies, breaking into companies, managing teams, designing products, and talking... Read More →

Thursday February 21, 2019 3:00pm - 3:25pm PST
Junior Ballroom - Stage D