Function as a Service (FaaS) platforms patch your operating system dependencies for you, but do nothing to secure your application dependencies, such as those pulled from npm, PyPI, Maven and the likes. These libraries are just as prevalent and just as vulnerable as operating system dependencies, and you—the application owner—are responsible for upgrading or patching them when a vulnerability in them is disclosed.
Furthermore, since attackers know that server dependencies at the operating system level, which are the responsibility of the cloud provider, are patched quickly, they will focus their attention on application code and application dependencies.
To read more about this, click the link below:
This complimentary resource is offered by Snyk, an AWS Community Partner. This content first appeared here.