Thanks for reading and commenting! Dependabot and services like Bytesafe help. It’s important to protect the whole organization.
If developers happened to upgrade their application dependencies before the vulnerabilities were known, then they would easily be compromised. What I’m saying is that dependency security is very often dependent on individual developers, rather than company-level policies, which require some sort of dependency firewall to enforce.