
jra_samba | 2 years ago

No one in these days of cyber attacks should be shipping unknown third-party dependencies. How could you fix unknown dependencies in case of severe CVEs in them? Unknown third-party dependencies are a sign of utter amateur incompetence in product development.

Once you have all third-party dependencies cataloged, licence compliance should just shake out in the wash.
