Vulnerability Management for Go
March 25, 2024
22 min
Free
go
go-modules
dependabot
osv
go-vulnerability-database
vulnerability-management
software-supply-chain
security
static-analysis
cicd
github-actions
Description
Developers depend on software written by others more than ever, yet we routinely pull code from strangers on the internet without weighing the risks that come with each new dependency. To help Go developers find known vulnerabilities in their dependencies, the Go Team built vulnerability management support directly into the Go toolchain. This talk covers the tools available to Go developers and how to use them to build more secure and reliable software. It introduces the idea of a software supply chain, the challenges of managing vulnerabilities in transitive dependencies, and Go's native support for vulnerability management: the Go vulnerability database (vuln.go.dev, which also publishes its entries in OSV format) and the `govulncheck` tool, which reports only those vulnerabilities whose affected functions are actually reachable from your code, rather than every vulnerable module in your `go.mod`.
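As an added illustration of the CI/CD use that the talk's tags point at (this workflow is not part of the talk and is not the Go Team's own code), here is a minimal GitHub Actions workflow that runs `govulncheck` over a Go module. It assumes the repository root holds a `go.mod`, that the Go version recorded there is the one you want to scan with, and that a failing scan should fail the build; the job name `vulncheck` and the daily schedule are arbitrary choices.

```yaml
# Added example, not from the talk: run govulncheck in GitHub Actions.
# Assumes a go.mod at the repository root.
name: govulncheck

on:
  push:
    branches: [main]
  pull_request:
  schedule:
    # Re-scan daily even when no code changed: a new entry in the Go
    # vulnerability database can affect dependencies that have not moved.
    - cron: "0 6 * * *"

permissions:
  contents: read

jobs:
  vulncheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          # Use the toolchain version pinned in go.mod so the scan matches
          # what is actually built and shipped.
          go-version-file: go.mod

      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest

      - name: Scan all packages
        # ./... analyzes every package in the module. govulncheck fetches
        # advisories from vuln.go.dev and exits non-zero when it finds a
        # vulnerability whose affected symbols are reachable from this code,
        # which fails the job.
        run: govulncheck ./...
```

Two practical notes. The source scan only sees code the module compiles, so a vulnerability in a dependency that your code never calls is reported as informational rather than as a failure; that is the feature, not a gap. For release artifacts, `govulncheck -mode=binary path/to/binary` scans a compiled Go binary using the module and symbol information embedded in it, which is useful when you audit what was actually deployed rather than what is in the source tree.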