SE Radio 642: Simon Wijckmans on Third-Party Browser Script Security

Simon Wijckmans, founder of c/side -- a company
that focuses on monitoring, securing, and optimizing third-party
JavaScript -- joins SE Radio host Kanchan Shringi for a
conversation about the security risks posed by third-party
browser scripts. Through real-world examples and insights drawn
from his work in web security, Simon highlights the dangers,
including malicious attacks such as the recent Polyfill.io
incident. He emphasizes the need for vigilant monitoring, as
these third-party scripts remain essential for website
functionalities like analytics, chatbots, and ads, despite their
potential vulnerabilities. Simon explores the use of self-hosting
solutions and content security policies (CSPs) to minimize risks,
but he stresses that these measures alone are insufficient to
fully safeguard websites. 


As the discussion continues, they delve into the importance of
layering security approaches. Simon advocates for combining
techniques like CSPs, real-time monitoring, and AI-driven
analysis, which his company c/side employs to detect and block
malicious scripts. He also touches on the complexities of
securing single-page applications (SPAs), which allow scripts to
persist across pages without full reloads, increasing the attack
surface for third-party vulnerabilities. Brought to you
by IEEE Computer Society and IEEE Software magazine.