{"id":1702,"date":"2022-02-07T12:54:45","date_gmt":"2022-02-07T12:54:45","guid":{"rendered":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/?p=1702"},"modified":"2022-06-20T10:48:37","modified_gmt":"2022-06-20T10:48:37","slug":"security-and-compliance-in-software-projects","status":"publish","type":"post","link":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/","title":{"rendered":"Security and compliance in software projects \u2013 getting dependencies under control"},"content":{"rendered":"\n<figure class=\"wp-block-image size-medium\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"400\" src=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px-600x400.jpg\" alt=\"Symbolic picture: White keyboard with key and lock.\" class=\"wp-image-1707\" srcset=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px-600x400.jpg 600w, https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px-1024x683.jpg 1024w, https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px-768x512.jpg 768w, https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px-1536x1024.jpg 1536w, https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px-640x427.jpg 640w, https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px-1200x800.jpg 1200w, https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px.jpg 1920w\" sizes=\"auto, (max-width: 639px) 98vw, (max-width: 1199px) 64vw, 600px\" \/><\/figure>\n\n\n\n<div 
style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>This blog post addresses the high standards of security and compliance that we have to meet in every software project. Trained security engineers are responsible for ensuring that we achieve this within any given project. An especially persistent challenge they face is dealing with the countless dependencies present in software projects, and getting them \u2013 and their variety of versions \u2013 under control.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.zeiss.com\/digital-innovation\/de\/wp-content\/uploads\/sites\/2\/2022\/01\/Blogbeitrag_Image1-1024x749.png\" alt=\"tree diagram showing dependencies\" class=\"wp-image-2802\" width=\"600\" height=\"439\"\/><figcaption><em>Figure 1: An excerpt from the dependency graph of an npm package, taken from npmgraph.js.org\/?q=mocha<\/em><\/figcaption><\/figure>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Challenges in software projects<\/strong><\/h2>\n\n\n\n<p>For some time now, large-scale software projects have consisted of smaller components that can each be reused to serve their particular purpose. Components with features that are not intended to be kept confidential are increasingly being published in the form of free and open-source software \u2013 or FOSS for short \u2013 which is freely licensed for reuse.<\/p>\n\n\n\n<p>To assess and prevent security vulnerabilities, it is vital that we have a complete overview of all the third-party libraries we are integrating, as any of our imported modules may be associated with multiple dependencies. 
This can result in the overall number of dependencies that we are aware of stretching into the thousands \u2013 making it difficult to maintain a clear picture of licences and security vulnerabilities among the various versions.<\/p>\n\n\n\n<p>Based on reports of incidents in recent years, such as supply chain attacks and dependency hijacking, there is no mistaking the significant impact that issues like these can have. For an interesting meta-analysis of breaches of this kind, we would recommend Ax Sharma\u2019s article \u201cWhat Constitutes a Software Supply Chain Attack\u201d (https:\/\/blog.sonatype.com\/what-constitutes-a-software-supply-chain-attack). Here, we\u2019re going to delve deeper into how to handle components in both large-scale and small-scale software projects, working from the perspective of a security engineer.<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>FOSS scanning tool solutions<\/strong><\/h2>\n\n\n\n<p>Over time, some projects have managed to overcome the issues associated with identifying FOSS components. Today, there are programs available for creating bills of materials (BOMs) and overviews of security risks, and we have tried these out ourselves.<\/p>\n\n\n\n<p>There are also large catalogues such as Node Package Manager (npm), containing detailed information about the components available in any given case.<\/p>\n\n\n\n<p>Open-source components of this kind might be free to use, but they still involve a certain amount of work, particularly in cases where they are being used in major and long-term software projects.<\/p>\n\n\n\n<p>To perform our own evaluations, we have combined the <em>OWASP Dependency-Check<\/em> (DC) tool and the <em>OSS Review Toolkit<\/em> in order to create a solution for identifying security problems through DCs and checking that licensing conditions are being adhered to. 
Compared with commercial solutions such as Black Duck, these tools provide a free, open option for gaining an overview of FOSS components in projects and evaluating the risks associated with them.<\/p>\n\n\n\n<p>That said, our experience has shown that these tools also involve additional work in the form of configuration and ongoing reviews (in other words, re-running scans in order to identify new security issues).<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What software engineers are responsible for<\/strong><\/h2>\n\n\n\n<p>Our guidelines for ensuring secure development and using open-source tools outline the processes we require and the goals that our security engineers have to keep in mind when they are approaching a project. Below is probably the most important part of those guidelines:<\/p>\n\n\n\n<p>It is our responsibility that the following so-called <em>Essential FOSS Requirements<\/em> are fulfilled:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>All included FOSS components have been identified and the fitness for purpose has been confirmed.<\/li><li>All licenses of the included FOSS have been identified, reviewed and compatibility to the final product\/service offering has been verified. Any FOSS without a (valid) license has been removed.<\/li><li>All license obligations have been fulfilled.<\/li><li>All FOSS are continuously \u2013 before and after release \u2013 monitored for security vulnerabilities. 
Any relevant vulnerability is mitigated during the whole lifecycle.<\/li><li>The FOSS Disclosure Statement is available to the user.<\/li><li>The Bill of Material is available internally.<\/li><\/ul>\n\n\n\n<p>For that it must be ensured that<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>the relevant FOSS roles are determined and nominated.<\/li><li>the executing development and procurement staff is properly trained and staffed.<\/li><\/ul>\n\n\n\n<p>These guidelines form the basis for developing mandatory training, equipping subject matter experts with the right knowledge and putting quality control measures in place.<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The processes involved<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><em>Investigation prior to integration (licences and operational risks such as update frequency)<\/em><\/li><li><em>Update monitoring (operational risks)<\/em><\/li><\/ul>\n\n\n\n<p>Let\u2019s say that a new function needs to be built into a software project. In many cases, developers will already be aware of FOSS tools that could help introduce the function.<\/p>\n\n\n\n<p>Where feasible, it is important that whichever developer is involved in the project knows how to handle package managers and the potential implications of using them so that they know how to account for the results produced by tools or analyses. As an example, developers need to be able to visualise how many parts are involved in a top-level dependency, or evaluate various dependencies associated with the same function in order to maintain security in any future development work. In other words, they must be able to assess operational risks. More and more nowadays, we are seeing projects that aim to keep the number of dependencies low. 
This needs to be taken into account when selecting components so that, wherever possible, additional dependencies only provide the functions that are really needed.<\/p>\n\n\n\n<p>Before integration, the security engineer also has to check potential imports for any security vulnerabilities and verify that they have a compatible licence. An equally important job is reviewing the operational risks, involving aspects such as the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>How up-to-date the import is<\/li><li>Whether it is actively maintained or has a keenly involved community<\/li><li>Whether the update cycle is agile enough to deal with any security vulnerabilities that crop up<\/li><li>How important secure handling of dependencies is considered to be<\/li><li>Whether the number of additional dependencies is reasonable and whether it is reduced where possible<\/li><\/ul>\n\n\n\n<p>During the development process and while operation is taking place further down the line, the project team also has to be notified whenever new security vulnerabilities are identified or closed. This may involve periodic scans or a database with security vulnerability alerts. Periodic scans have the advantage of running more independently than a database, which requires hardware and alerts to be provided. However, alerts are among the benefits offered by software composition analysis solutions such as Black Duck.<\/p>\n\n\n\n<p>As the number of well-marked FOSS tools rises, the amount of time that needs to be invested in curating them manually is becoming comparatively low. The work that does need to be done may involve declaring a licence \u2013 and adding easy-to-find, well-formatted copyright details to components, as these have often been given highly unusual formats or left out altogether in older components. 
Cases in which no licence details are provided should never be misconstrued as carte blanche invitations to proceed \u2013 without a licence, a component must not be used without the author\u2019s consent.<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Example of a security vulnerability<\/strong><\/h2>\n\n\n\n<p>An example of a complex security vulnerability was published in CVE-2021-32796. The module creating the issue, xmldom, is indirectly integrated via two additional dependencies in our example project here.<\/p>\n\n\n\n<p>Black Duck shows the following security warning related to the module:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blogs.zeiss.com\/digital-innovation\/de\/wp-content\/uploads\/sites\/2\/2022\/01\/Blogbeitrag_Image2-1024x274.png\" alt=\"screenshot black duck\" class=\"wp-image-2803\"\/><figcaption><em>Figure 2: Black Duck example summarising a vulnerability<\/em><\/figcaption><\/figure>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>This gives a security engineer enough information to make a broad assessment of the implications that this vulnerability has. 
Information on the patch, released in version 0.7.0, is also provided.<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The importance of having enough time in advance when it comes to running updates\/replacing components<\/strong><\/h2>\n\n\n\n<p>Before new versions were published under @xmldom\/xmldom, we had the time to check how much work would be involved if we were to do without this dependency.<\/p>\n\n\n\n<p>To benefit from this kind of time in a project, it is useful to gain an overview of potential issues right at the development stage, and ensure that there is enough of a time buffer leading up to the point at which the product is published.<\/p>\n\n\n\n<p>This makes it easier for developers to evaluate workarounds for problematic software libraries, whether they are affected by security vulnerabilities, incompatible licences or other operational risks.<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Summary<\/strong><\/h2>\n\n\n\n<p>This post has provided an overview of the project work we do involving the large variety of open-source software out there, and has outlined what security engineers need to do when handling open-source software. By using the very latest tools, we are able to maintain control over a whole range of dependencies and establish the transparency and security we need. Dependencies need to be evaluated by a trained team before they are integrated and then monitored throughout the software lifecycle, with the team responding to any issues that may arise.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog post addresses the high standards of security and compliance that we have to meet in every software project. Trained security engineers are responsible for ensuring that we achieve this within any given project. 
An especially persistent challenge they face is dealing with the countless dependencies present in software projects, and getting them \u2013 and their variety of versions \u2013 under control.<\/p>\n","protected":false},"author":135,"featured_media":1707,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"categories":[803,1,7],"tags":[791,792,793,794,54,98,203,675,790],"topics":[81],"class_list":["post-1702","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software-services","category-general","category-quality-assurance","tag-compliance","tag-software-development-project","tag-security-engineer","tag-foss","tag-software-development","tag-security","tag-editorschoice","tag-zeiss-digital-innovation","tag-software-projects","topics-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Security and compliance in ... - ZEISS Digital Innovation Blog<\/title>\n<meta name=\"description\" content=\"This blog post addresses the high standards of security and compliance that we have to meet in every software project.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security and compliance in ... 
- ZEISS Digital Innovation Blog\" \/>\n<meta property=\"og:description\" content=\"This blog post addresses the high standards of security and compliance that we have to meet in every software project.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/\" \/>\n<meta property=\"og:site_name\" content=\"Digital Innovation Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-07T12:54:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-06-20T10:48:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Martin R\u00f6bke\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Security and comliance in software projects\" \/>\n<meta name=\"twitter:description\" content=\"This blog post addresses the high standards of security and compliance that we have to meet in every software project.\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Martin R\u00f6bke\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/\",\"url\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/\",\"name\":\"Security and compliance in ... 
- ZEISS Digital Innovation Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px.jpg\",\"datePublished\":\"2022-02-07T12:54:45+00:00\",\"dateModified\":\"2022-06-20T10:48:37+00:00\",\"author\":{\"@id\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/#\/schema\/person\/7120c9717bd63bee076432aaf7568b9c\"},\"description\":\"This blog post addresses the high standards of security and compliance that we have to meet in every software project.\",\"breadcrumb\":{\"@id\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/#primaryimage\",\"url\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px.jpg\",\"contentUrl\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px.jpg\",\"width\":1920,\"height\":1280},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blogs.zeiss.c
om\/digital-innovation\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security and compliance in software projects \u2013 getting dependencies under control\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/#website\",\"url\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/\",\"name\":\"Digital Innovation Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/#\/schema\/person\/7120c9717bd63bee076432aaf7568b9c\",\"name\":\"Martin R\u00f6bke\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/01\/roebke_martin-150x150.jpg\",\"contentUrl\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/01\/roebke_martin-150x150.jpg\",\"caption\":\"Martin R\u00f6bke\"},\"description\":\"Martin R\u00f6bke works as a Software Developer at ZEISS Digital Innovation. He studied computer science at Dresden University of Technology and his main focus lies on Java\/Typescript Development, Azure DevOps and Application Security. He is also interested in topics regarding Software Security, Python\/Powershell, visualization and Graph databases.\",\"url\":\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/author\/enmartinroebke\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security and compliance in ... 
- ZEISS Digital Innovation Blog","description":"This blog post addresses the high standards of security and compliance that we have to meet in every software project.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/","og_locale":"en_US","og_type":"article","og_title":"Security and compliance in ... - ZEISS Digital Innovation Blog","og_description":"This blog post addresses the high standards of security and compliance that we have to meet in every software project.","og_url":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/","og_site_name":"Digital Innovation Blog","article_published_time":"2022-02-07T12:54:45+00:00","article_modified_time":"2022-06-20T10:48:37+00:00","og_image":[{"width":1920,"height":1280,"url":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px.jpg","type":"image\/jpeg"}],"author":"Martin R\u00f6bke","twitter_card":"summary_large_image","twitter_title":"Security and comliance in software projects","twitter_description":"This blog post addresses the high standards of security and compliance that we have to meet in every software project.","twitter_misc":{"Written by":"Martin R\u00f6bke","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/","url":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/","name":"Security and compliance in ... 
- ZEISS Digital Innovation Blog","isPartOf":{"@id":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/#primaryimage"},"image":{"@id":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/#primaryimage"},"thumbnailUrl":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px.jpg","datePublished":"2022-02-07T12:54:45+00:00","dateModified":"2022-06-20T10:48:37+00:00","author":{"@id":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/#\/schema\/person\/7120c9717bd63bee076432aaf7568b9c"},"description":"This blog post addresses the high standards of security and compliance that we have to meet in every software project.","breadcrumb":{"@id":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/#primaryimage","url":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px.jpg","contentUrl":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px.jpg","width":1920,"height":1280},{"@type":"BreadcrumbList","@id":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/security-and-compliance-in-software-projects\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/"},{"@type":"ListItem","position":2,"name":"Security and compliance in software 
projects \u2013 getting dependencies under control"}]},{"@type":"WebSite","@id":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/#website","url":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/","name":"Digital Innovation Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/#\/schema\/person\/7120c9717bd63bee076432aaf7568b9c","name":"Martin R\u00f6bke","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/#\/schema\/person\/image\/","url":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/01\/roebke_martin-150x150.jpg","contentUrl":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/01\/roebke_martin-150x150.jpg","caption":"Martin R\u00f6bke"},"description":"Martin R\u00f6bke works as a Software Developer at ZEISS Digital Innovation. He studied computer science at Dresden University of Technology and his main focus lies on Java\/Typescript Development, Azure DevOps and Application Security. 
He is also interested in topics regarding Software Security, Python\/Powershell, visualization and Graph databases.","url":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/author\/enmartinroebke\/"}]}},"author_meta":{"display_name":"Martin R\u00f6bke","author_link":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/author\/enmartinroebke\/"},"featured_img":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-content\/uploads\/sites\/3\/2022\/02\/shutterstock_1051184564__1920px-600x400.jpg","coauthors":[],"tax_additional":{"categories":{"linked":["<a href=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/category\/software-services\/\" class=\"advgb-post-tax-term\">Software Services<\/a>","<a href=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/category\/general\/\" class=\"advgb-post-tax-term\">General<\/a>","<a href=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/category\/quality-assurance\/\" class=\"advgb-post-tax-term\">Quality Assurance<\/a>"],"unlinked":["<span class=\"advgb-post-tax-term\">Software Services<\/span>","<span class=\"advgb-post-tax-term\">General<\/span>","<span class=\"advgb-post-tax-term\">Quality Assurance<\/span>"]},"tags":{"linked":["<a href=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/category\/quality-assurance\/\" class=\"advgb-post-tax-term\">Compliance<\/a>","<a href=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/category\/quality-assurance\/\" class=\"advgb-post-tax-term\">software development project<\/a>","<a href=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/category\/quality-assurance\/\" class=\"advgb-post-tax-term\">Security Engineer<\/a>","<a href=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/category\/quality-assurance\/\" class=\"advgb-post-tax-term\">FOSS<\/a>","<a href=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/category\/quality-assurance\/\" class=\"advgb-post-tax-term\">software development<\/a>","<a 
href=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/category\/quality-assurance\/\" class=\"advgb-post-tax-term\">Security<\/a>","<a href=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/category\/quality-assurance\/\" class=\"advgb-post-tax-term\">Editor&#039;s Choice<\/a>","<a href=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/category\/quality-assurance\/\" class=\"advgb-post-tax-term\">ZEISS Digital Innovation<\/a>","<a href=\"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/category\/quality-assurance\/\" class=\"advgb-post-tax-term\">software projects<\/a>"],"unlinked":["<span class=\"advgb-post-tax-term\">Compliance<\/span>","<span class=\"advgb-post-tax-term\">software development project<\/span>","<span class=\"advgb-post-tax-term\">Security Engineer<\/span>","<span class=\"advgb-post-tax-term\">FOSS<\/span>","<span class=\"advgb-post-tax-term\">software development<\/span>","<span class=\"advgb-post-tax-term\">Security<\/span>","<span class=\"advgb-post-tax-term\">Editor&#039;s Choice<\/span>","<span class=\"advgb-post-tax-term\">ZEISS Digital Innovation<\/span>","<span class=\"advgb-post-tax-term\">software projects<\/span>"]}},"comment_count":"0","relative_dates":{"created":"Posted 4 years ago","modified":"Updated 4 years ago"},"absolute_dates":{"created":"Posted on February 7, 2022","modified":"Updated on June 20, 2022"},"absolute_dates_time":{"created":"Posted on February 7, 2022 12:54 pm","modified":"Updated on June 20, 2022 10:48 
am"},"featured_img_caption":"","series_order":"","_links":{"self":[{"href":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-json\/wp\/v2\/posts\/1702","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-json\/wp\/v2\/users\/135"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-json\/wp\/v2\/comments?post=1702"}],"version-history":[{"count":12,"href":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-json\/wp\/v2\/posts\/1702\/revisions"}],"predecessor-version":[{"id":1802,"href":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-json\/wp\/v2\/posts\/1702\/revisions\/1802"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-json\/wp\/v2\/media\/1707"}],"wp:attachment":[{"href":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-json\/wp\/v2\/media?parent=1702"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-json\/wp\/v2\/categories?post=1702"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-json\/wp\/v2\/tags?post=1702"},{"taxonomy":"topics","embeddable":true,"href":"https:\/\/blogs.zeiss.com\/digital-innovation\/en\/wp-json\/wp\/v2\/topics?post=1702"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}