Dependency upgrades are the simplest, most effective way to mitigate risks—so why aren’t they the priority?
A look at the real-world impact of automated dependency upgrades via tools like Dependabot and Renovate on modern open-source projects
98% of PyMySQL forks are vulnerable to SQL Injection
Understanding the GitHub Security Advisory Database: A Must-Know for Open-Source Developers and Consumers
Exposing Common Misconceptions about CVEs, NVD, KEV Catalog, and EPSS
Neglecting the National Vulnerability Database: A Flaw We Can't Afford
Recognizing My Dream for Perpetual Learning
A global overview of vulnerability databases and disclosure practices
The AI race has created a cesspool of third-party packages
Hey, do you know about supply chain security? ... You mean SBOMs?
This one is for you CVE hype beasts looking to fill your resume 😉
Doing things that aren't intended to be done but should be