SES in Action
Here are examples of SES case studies, each addressing the need to reduce vulnerabilities to third-party libraries:
For further reading, I recommend Kate Sills’ essay “POLA Would Have Prevented the Event-Stream Incident.” An Agoric engineer, Sills looks at how malicious code in the event-stream npm package last year left some Bitcoin users’ private keys vulnerable. Sills explains how SES, used to enforce the Principle of Least Authority (POLA), could have avoided this.