by ghaff
1220 days ago
Furthermore, as the author of the Sonatype piece told me last fall, it also goes beyond the upstream project and any distributor. In the case of a lot of vulnerabilities, the fixes have existed in the upstream for maybe a year or more. But they're still in downstream code that has never been updated.