JavaScript applications use and rely on a lot of third-party code, including modules, packages, libraries, and in some cases even user-provided code for extensions and plug-ins. Too often, applications are fully vulnerable to these code dependencies, so not only do their current security vulnerabilities impact the applications, so do future vulnerabilities. Over night, any dependency could get “upgraded” into an exploit, resulting in a security breach like the event-stream incident.

This is where SES comes in. SES is a JavaScript runtime library for running such third-party code safely inside a featherweight compartment. SES stands for Secure ECMAScript, where ECMAScript is…

Mark S. Miller

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store