Comment by Levitating 24 days ago

Levitating 24 days ago
Or just lock to a specific version?

silverwind 24 days ago
Eventually you will want to update it; every update is a risk.

SkyPuncher 24 days ago
But, pinning has prevented most of the recent supply chain attacks. As long as you don't update your pins during an active supply chain attack, the risk surface is rather low.

habinero 24 days ago
The flip side of that is now you're running old software and CVEs get published all the time. Threat actors actively scan the internet looking for software that's vulnerable to new CVEs.
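Both sides of this exchange describe properties that can be checked mechanically in a dependency file. The script below is an added example, not code posted by anyone in the thread: it audits a pip-style requirements file, flagging floating specifiers that resolve at install time (the exposure silverwind and SkyPuncher are weighing), exact pins that carry no `--hash` (which leave you trusting the index to serve the same artifact), and exact pins that fall below the fixed version in an advisory feed (habinero's point). The requirements content, the advisory id and the version boundary are constructed placeholders, and the version comparison handles only numeric dotted versions.

```python
"""Audit a requirements.txt for floating version ranges, hash-less pins
and exact pins that match a known advisory.

All inputs below are constructed for this example; the advisory id and
version boundary are placeholders, not real advisories.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: one pin with a hash, two floating specifiers, one
# exact pin that matches the constructed advisory, one bare name.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0 --hash=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
flask>=2.0
urllib3==1.26.5
cryptography~=41.0
pyyaml
"""

# Constructed advisory feed: package -> [(advisory id, first fixed version)].
SAMPLE_ADVISORIES: Dict[str, List[Tuple[str, str]]] = {
    "urllib3": [("EXAMPLE-ADV-0001", "1.26.18")],
}

REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"
    r"\s*(?:(?P<op>==|~=|>=|<=|!=|>|<)\s*(?P<version>[0-9][0-9A-Za-z.]*))?"
)
HASH_RE = re.compile(r"--hash=(?P<algo>\w+):(?P<digest>[0-9a-fA-F]+)")


@dataclass
class Requirement:
    name: str
    op: Optional[str]
    version: Optional[str]
    hashes: List[str]

    def is_exact_pin(self) -> bool:
        return self.op == "=="


@dataclass
class Finding:
    name: str
    kind: str  # "floating", "no-hash" or "known-advisory"
    detail: str


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric dotted versions only: '1.26.5' -> (1, 26, 5).
    Non-numeric segments count as 0, which is enough for the sample."""
    parts = []
    for seg in v.split("."):
        m = re.match(r"\d+", seg)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def parse_requirement(line: str) -> Optional[Requirement]:
    """Parse one requirements line; returns None for blanks and comments."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    m = REQ_RE.match(line)
    if not m:
        raise ValueError(f"unparseable requirement: {line!r}")
    hashes = [f"{h.group('algo')}:{h.group('digest')}" for h in HASH_RE.finditer(line)]
    return Requirement(m.group("name").lower(), m.group("op"), m.group("version"), hashes)


def audit_requirements(text: str,
                       advisories: Dict[str, List[Tuple[str, str]]]) -> List[Finding]:
    findings: List[Finding] = []
    for raw in text.splitlines():
        req = parse_requirement(raw)
        if req is None:
            continue
        if not req.is_exact_pin():
            # A range or bare name resolves to whatever the index serves at
            # install time, so a newly published release is pulled in unreviewed.
            spec = f"{req.op}{req.version}" if req.op else "no version"
            findings.append(Finding(req.name, "floating", f"{spec} resolves at install time"))
            continue
        if not req.hashes:
            findings.append(Finding(req.name, "no-hash",
                                    "exact pin without --hash; trusts the index to serve the same artifact"))
        # A pin blocks unwanted updates, but it also freezes known-bad versions.
        for adv_id, fixed_in in advisories.get(req.name, []):
            if parse_version(req.version) < parse_version(fixed_in):
                findings.append(Finding(req.name, "known-advisory",
                                        f"{req.version} is affected by {adv_id}; fixed in {fixed_in}"))
    return findings


if __name__ == "__main__":
    for f in audit_requirements(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES):
        print(f"{f.kind:15} {f.name:13} {f.detail}")
```

Run against the sample, the script reports `flask`, `cryptography` and `pyyaml` as floating, `urllib3` as both hash-less and matching the constructed advisory, and nothing for `requests`. Wiring the advisory dictionary to a real feed and running the audit in CI gives you the pinned-but-stale signal without giving up the protection the pins provide.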