Every dependency you add is a supply chain attack waiting to happen (benhoyt.com)
lemmydividebyzero@reddthat.com to Technology@lemmy.world · English · 13 hours ago · 6 comments

earthworm@sh.itjust.works · 9 hours ago

> The careful reader may note that my title is not quite accurate. It’s not every dependency you add that’s a problem; it’s every dependency you update.

Why not put that in the title, Mr. Hoyt?

renegadespork@lemmy.jelliefrontier.net · 9 hours ago

Every dependency you don’t update is a zero day waiting to happen. All software carries risk.