Below you will find pages that utilize the taxonomy term “cve”
Posts
Curating Dependency Vulnerabilities
In this post, I am going to look at an increasingly important part of securing applications: your supply chain. This includes every library, tool or service that you are using to build, run and monitor your service.
When the Log4Shell vulnerability hit, it wasn’t just a matter of looking at the dependencies that your source code pulls in, but also at the infrastructure you’re using and the build pipeline.
Have you had a look at the vulnerability reports of your dependencies lately?