by tompazourek 1690 days ago
This is a double edged sword.

Because on one hand, you do pick up hotfix patches, but on the other hand, you are possibly a bit more exposed to supply chain attacks.

Any ideas on how to balance that out? Or should we just not consider supply chain attacks to be a real threat?


Mirror the upstream, and as part of mirroring, do an automated security analysis of your dependencies.

Sandbox your dependencies.

Run automated security vulnerability testing on your program, looking for rogue behaviour.

Require code signatures on dependencies.

Identify security-critical components and audit them.
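One concrete way to combine the "mirror the upstream" and "require signatures on dependencies" points above is a policy check over the lockfile that feeds the mirror: every dependency must be pinned to an exact version and carry a content hash, and each mirrored artifact is verified against that hash before it is served. This is an added example, not code from the thread; it assumes pip's `--hash=sha256:` lockfile syntax and uses a constructed lockfile and artifact so it runs offline.

```python
import hashlib
import re

# Constructed sample artifact; its hash is computed here so the example is
# self-contained (a real lockfile would carry the hash published upstream).
GOOD_ARTIFACT = b"constructed wheel contents for good-lib 1.2.0"
GOOD_SHA256 = hashlib.sha256(GOOD_ARTIFACT).hexdigest()

# Constructed pip-style lockfile: one good entry, one floating range, one
# exact pin without a hash.
LOCKFILE = f"""
good-lib==1.2.0 --hash=sha256:{GOOD_SHA256}
floating-lib>=2.0
unhashed-lib==0.9.1
"""

REQ_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s*(==|>=|<=|~=|>|<|!=)?\s*([^\s]*)(.*)$")
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def parse_lockfile(text):
    """Return {name: {"pinned": bool, "version": str, "hashes": set}}."""
    deps = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = REQ_RE.match(line)
        if not m:
            continue
        name, op, version, rest = m.groups()
        deps[name] = {"pinned": op == "==", "version": version,
                      "hashes": set(HASH_RE.findall(rest))}
    return deps


def lockfile_findings(deps):
    """Policy: each dependency is pinned with '==' and has at least one hash."""
    findings = []
    for name, info in deps.items():
        if not info["pinned"]:
            findings.append(f"{name}: not pinned to an exact version")
        if not info["hashes"]:
            findings.append(f"{name}: no --hash pin, mirrored bytes cannot be verified")
    return findings


def verify_artifact(deps, name, data):
    """True only if the artifact's sha256 matches a hash pinned for that name."""
    hashes = deps.get(name, {}).get("hashes", set())
    return bool(hashes) and hashlib.sha256(data).hexdigest() in hashes
```

A mirror that rejects any lockfile with findings, and any artifact for which `verify_artifact` is false, still picks up upstream hotfixes but only after a human has bumped the pin and hash.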