Hacker News

zihotki, today at 8:42 AM (2 replies)

And the best recommendation security teams can give is: keep your SBOM strict, use a min release age policy (which sounds more like a band-aid). That's a scary world to live in.
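As an added illustration of the "min release age" policy mentioned above (example code, not from the commenter or any package manager): a small gate that reads SBOM-style component records with publish timestamps and flags anything younger than the policy allows, treating a missing publish date as a failure rather than a pass. The component names, versions and dates are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records in the shape an SBOM enrichment step might produce
# (name, version, registry publish time). These are not real packages or dates.
SAMPLE_COMPONENTS = [
    {"name": "left-utils", "version": "4.2.1", "published": "2024-11-02T10:00:00Z"},
    {"name": "fast-parse", "version": "1.0.9", "published": "2025-01-20T08:30:00Z"},
    {"name": "tiny-log",   "version": "0.3.0", "published": "2025-01-23T17:45:00Z"},
    {"name": "mystery-dep", "version": "2.0.0"},  # no publish date recorded
]


def parse_iso(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp; a trailing 'Z' is normalised to UTC."""
    if ts.endswith("Z"):
        ts = ts[:-1] + "+00:00"
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        raise ValueError(f"timestamp without timezone: {ts}")
    return dt


def find_too_young(components, now: datetime, min_age_days: int):
    """Return (name, version, reason) for every component that fails the policy.

    A component fails if its release is younger than `min_age_days` as of `now`,
    or if its publish date is unknown: an age that cannot be checked cannot pass.
    """
    cutoff = now - timedelta(days=min_age_days)
    flagged = []
    for c in components:
        ts = c.get("published")
        if ts is None:
            flagged.append((c["name"], c["version"], "no publish date"))
            continue
        published = parse_iso(ts)
        if published > cutoff:
            age = (now - published).days
            flagged.append((c["name"], c["version"], f"{age} day(s) old"))
    return flagged


if __name__ == "__main__":
    # Fixed "now" so the sample gives stable results; a real gate would use datetime.now(timezone.utc).
    now = datetime(2025, 1, 24, 12, 0, tzinfo=timezone.utc)
    for name, version, reason in find_too_young(SAMPLE_COMPONENTS, now, min_age_days=7):
        print(f"BLOCK {name}@{version}: {reason}")
```

Run as a CI step against the lockfile-derived SBOM, a non-empty result blocks the build until the release has aged past the threshold or the exception is reviewed.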


Replies

wolfi1, today at 8:55 AM

A friend of mine has a very different solution: he codes everything by hand. He says that the time you need to research a new package before including it can instead be used to code the piece you need. And he for sure doesn't have the problems of transitive dependencies.

nicce, today at 9:23 AM

> keep your SBOM strict

Based on the news, it seems like it is better to not include Microsoft at all in there.