November 2022

In software development we depend on both our own and third-party components or artifacts. Flexible dependency management is essential for modern software. Package managers like NPM, Maven, pip or NuGet are often used to specify software dependencies. These tools were designed with convenience and ease of use in mind, not security.

The problem

The problem...