Modern applications are so complex and do so many things, that all but the largest of development efforts rely heavily on open source libraries to bootstrap themselves into a real working application. We are doing this in many different ways in our application. This includes grand large open source libraries, such as our framework, to smaller and perhaps more scary libraries like a google+ auth plugin (Not written by Google).
As the recent Heartbleed bug has show us, there are dangers to using such tools, but what else can a developer do? It would be some form of madness to constantly reinvent the wheel. Further code you write yourself is no less likely to not have bugs just as damning (often more likely).
How does one vet these libraries before including them in your application?
No comments:
Post a Comment