A few months ago I integrated the Node Security Platform into the continuous integration system we use at pHQ. This week it picked up a vulnerability for the first time (don’t worry, it’s since been patched 😉) which meant that I was alerted to the vulnerability and provided with a link to read about ways to mitigate the risk involved until a patch was available. Had we paid for a subscription to NSP it would submit a pull request to update the package(s) with the fix as soon as it was available.
In the case shown in the screenshot above you can see that the pHQ platform didn’t directly rely upon the vulnerable package, but had 5 dependencies which included it one way or another. If you’re not automatically checking for vulnerabilities then you may not find them as you probably don’t know how many packages you indirectly depend upon!
If you’re not using Node, something like Snyk may support your language.
As Software Engineers our job may be seen as producing features for users, but we have a duty to ensure that what we develop is secure and won’t put people’s money or personal information at risk. A dependency vulnerability checker is one great tool to have in the box.
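To make the transitive-dependency point above concrete, here is an added example (not code from the original post, NSP or Snyk) that walks a dependency graph and reports which direct dependencies pull in an affected version of a package, with the full path for each. The graph shape, the package names, the versions and the advisory are all constructed for illustration: each key is a resolved "name@version" listing the exact entries it depends on, and "root" lists the project’s direct dependencies. This is a simplified model of a lockfile, not npm’s or NSP’s real data format, and the version comparison handles plain x.y.z versions only.

```javascript
// Added example: which direct dependencies transitively include an affected package?
// The graph below is a constructed, simplified model of a lockfile (not npm's or
// NSP's real format): key = resolved "name@version", value = exact deps it requires.

function splitSpec(spec) {
  // "name@1.2.3" -> { name, version }; lastIndexOf keeps scoped names ("@scope/pkg") intact
  const at = spec.lastIndexOf('@');
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

function compareVersions(a, b) {
  // Plain x.y.z comparison (no pre-release tags); returns -1, 0 or 1
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

function isAffected(spec, advisory) {
  // Affected when the name matches and introducedIn (if given) <= version < patchedIn
  const { name, version } = splitSpec(spec);
  if (name !== advisory.name) return false;
  if (advisory.introducedIn && compareVersions(version, advisory.introducedIn) < 0) return false;
  return compareVersions(version, advisory.patchedIn) < 0;
}

function findAffectedPaths(graph, advisory) {
  const paths = [];              // every root-to-affected-package path found
  const affectedSpecs = new Set(); // distinct affected installed versions

  function walk(spec, trail) {
    if (trail.includes(spec)) return; // cycle guard: never revisit a node on the current path
    const path = [...trail, spec];
    if (isAffected(spec, advisory)) {
      paths.push(path);
      affectedSpecs.add(spec);
    }
    for (const dep of graph[spec] || []) walk(dep, path);
  }

  for (const direct of graph.root) walk(direct, []);

  // The first element of each path is the direct dependency responsible for it
  const directAffected = [...new Set(paths.map((p) => p[0]))];
  return { affectedSpecs: [...affectedSpecs], directAffected, paths };
}

function formatReport(result) {
  const lines = [];
  lines.push(`Affected installed versions: ${result.affectedSpecs.join(', ') || 'none'}`);
  lines.push(`Direct dependencies pulling them in: ${result.directAffected.length}`);
  for (const p of result.paths) lines.push('  ' + p.join(' > '));
  return lines.join('\n');
}

// Constructed sample data: fictitious package names and versions, fictitious advisory.
const sampleGraph = {
  root: ['web-framework@4.2.0', 'http-client@2.8.0', 'util-belt@1.5.0', 'tiny-parse@1.2.0', 'color-lib@3.0.0'],
  'web-framework@4.2.0': ['query-string-parse@6.1.0', 'debug-log@2.0.0'],
  'query-string-parse@6.1.0': ['tiny-parse@0.9.1'],
  'debug-log@2.0.0': ['tiny-parse@0.9.1'],
  'http-client@2.8.0': ['tiny-parse@0.9.1', 'form-encode@1.0.0'],
  'form-encode@1.0.0': [],
  'util-belt@1.5.0': [],
  'tiny-parse@1.2.0': [],
  'tiny-parse@0.9.1': [],
  'color-lib@3.0.0': ['debug-log@2.0.0'],
};
const sampleAdvisory = { name: 'tiny-parse', patchedIn: '1.0.0' };

console.log(formatReport(findAffectedPaths(sampleGraph, sampleAdvisory)));
```

In the sample, the project depends directly on a fixed version of the package, yet three direct dependencies still pull in the old one through four distinct paths; that is exactly the situation where a manual check of package.json finds nothing and an automated checker does.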
Last week I was promoted to Lead Software Engineer at PepperHQ.
As part of the meeting we discussed what I want to achieve in the year ahead. There’s a lot and I’m looking forward to it.
I’m going to try to be a bit better at keeping the blog up-to-date with details of my day-to-day work going forward.
This weekend I was trying to resolve an issue with an accidental purchase one of my relatives made on ViaGoGo. We realised the mistake the same day as the purchase, and I set about trying to get a refund.
Being the somewhat impatient person I can be with matters like this, and knowing that different channels of communication often result in different outcomes, I decided to send ViaGoGo an email and a direct message on Twitter at the same time.
A few hours later I got a response via both email and Twitter (strangely enough, they replied by email first). The email I received was a pretty bad copy/paste job that started with “Dear mrs , ” Yes, lowercase Mrs. Yes, without my last name. The email told me that tickets were unrefundable and that they considered the case closed.
Meanwhile, on Twitter, I received a well written response and the offer of a full refund — which was then processed the same day.
The cynic in me thinks that perhaps companies are more likely to work with you when they know you have a public platform to complain about them on. But perhaps this isn’t the case; perhaps the different responses are just a function of speaking to different people in different roles (Community Manager vs Customer Support) or just people in different moods on that day.
Either way, I always seem to have received better customer service when I use a Social Network.