by eyakubovich
1204 days ago
100% agree. The reality is that updating a dependency always carries some risk and sometimes requires changes to code. Reducing the number of upgrades that have to be done under a stringent SLA makes life easier. In larger orgs we’ve talked to, the ratio of eng:apps can be 1:2 or worse, so ownership is harder. In addition, for a fair number of vulnerabilities, a fix is not available. These situations require a more involved risk assessment and remediation plan (e.g. moving to an alternate dependency). We aim to reduce the toil in such cases as well.