How bulk pull requests could help scale open source bug fixes in the supply chain
Malware Analysis, News and Indicators - Latest topics malware.news
The complicated tangle of dependencies in modern software development processes makes it tricky to identify dangerous flaws hidden in open-source software (OSS) projects. But the bigger bugaboo has been how to issue fixes to vulnerable projects at a scale that can reduce the attack surface across the entire software supply chain.
How do you scale bug fixes for a single flaw that has been duplicated across thousands of OSS projects, each of which has its own maintainers, coding language, …