
It sounds like you download software blindly from the Internet with the extra preliminary steps that make your customers happy.


It's less blind than other places I have worked.

When a CVE is announced, we know immediately if we are impacted and what will need to be fixed.

Some places have no idea what their dependencies are. I am sure there are lots of log4j horror stories from Java shops that were not so careful.



