Tierney is a member and former Chairperson of the Node.js Community Committee, and a contributor to multiple Node.js working groups and initiatives focusing on the continued growth and success of the Node.js community. He's been contributing to open-source since he was 16, starting out in MyBB – a PHP forum system. Since then, his focus has largely been geared toward developer tooling and communities.
Tierney`s talk: Automating Your Vulnerabilities Away
Your production Node.js applications are insecure. These vulnerabilities aren't coming from the module ecosystem, as you may expect – they're coming from your own engineering practices. Node.js versions are the root cause of vulnerabilities in production that your team isn't managing effectively. But, there's a light at the end of the tunnel – that light is automation. The Node.js project actively ships updates often and with notice, and does their best to effectively communicate the changes that specifically revolve around security releases. Nevertheless, your Node.js versions are a few releases behind because your app _works_ regardless of the Node.js version that's running – as such, upgrading is a lower priority than literally anything else you could possibly be doing. In this talk you'll learn about the resources that are currently available to help you and your ops team keep your Node.js versions up to date, covering your apps from being attacked with publicly disclosed vulnerabilities.