by woodruffw
6 days ago
> How many people are paying security firms to test these things during the cooldown period?

More than I think should be, frankly. More than enough for a sustainable industry. As for “which firms”: if you Google any of the recent dependency compromises, you’ll see their names. My rough guess is that there are somewhere between 12 and 20 active players in the “supply chain security” space, and they generally compete for mindshare with blogspam. That’s not to say their scanning results aren’t good, though.