Hacker News
by
boricj
669 days ago
SBOMs can't flag vulnerable dependencies until after those are publicly known. Traceability is useful when mitigating a crisis, but it won't prevent one.
1 comments
h4ck_th3_pl4n3t
667 days ago
> Traceability is useful when mitigating a crisis, but it won't prevent one.
So how do you prevent a crisis then without knowing what your software stack has as dependencies?