lemmydividebyzero@reddthat.com to

Technology@lemmy.worldEnglish · 19 days ago

Every dependency you add is a supply chain attack waiting to happen

cross-posted to:
programming@programming.dev

74

Every dependency you add is a supply chain attack waiting to happen

lemmydividebyzero@reddthat.com to

Technology@lemmy.worldEnglish · 19 days ago

cross-posted to:
programming@programming.dev

Dependencies are a huge supply chain security risk; the more of them you have, and the more often you update, the bigger the attack surface.

Chat

renegadespork@lemmy.jelliefrontier.net
link
fedilink
English
arrow-up
2·
19 days ago

you’re advocating updating without checking,

Uh… no. That’s not what I said. I said there’s risk in both updating and not updating. You need to do the assessment to decide which one is best for the situation.

Technology@lemmy.world

technology@lemmy.world

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

3.27K users / day
9.66K users / week
15.5K users / month
31K users / 6 months
2 local subscribers
84.4K subscribers
8.9K Posts
295K Comments
Modlog