Discussion about this post

User's avatar
Laurent Hausermann's avatar

Very good article. Thanks Chris

One the age / version number - to add to the difficulty of analysis, we should always remember that good software engineering teams prefer to apply high severity security patches in the code without updating the whole component and so without changing the version number…. so looking only at package names and version numbers is misleading

Expand full comment

No posts