CVE Audit & Resolution

A lightning talk first presented at UpstatePHP in South Carolina on February 19th, 2026, on resolving CVEs in your dependencies from both a security and audit perspective. Covers how SCA tools detect vulnerabilities across PHP and JS dependency trees, the nuances of Composer's flat vs npm's nested resolution, and a tiered strategy for resolution — from staying ahead of updates, to working with maintainers, forking packages, and formally documenting risk acceptance for enterprise compliance frameworks like ISO 27001, SOC 2, and HIPAA.