3rd Party JavaScript…party

This post is coming directly from Considering 3rd party purchases and tools post— so see it for deeper dive into Threat Modeling product assessments by clicking here. This explanation is beefy enough to warrant it’s own post, so enjoy!

First — what are the risks with 3rd party products?

• Breaking changes: Not just by code injection, but another scenario is if your tooling depends on a CDN and it changes, it might break your site or cause an outage. Not all the problems are malicious by intent.
• Loss of control of your client product…