Matteo Collina on Nostr: One of the things that puzzles me the most in the security ecosystem is why a ...
One of the things that puzzles me the most in the security ecosystem is why a deprecated package (or version) is not signaled as vulnerable by all the tools and scanners. It's unmaintained, so it is risky to depend upon it. Heck, the maintainers might not even be issuing CVEs for old versions.
Published at 2024-02-20 17:16:00

Event JSON
{
  "id": "8ed7cc7291664da995ed2de419c27112da3e18ef0f76e04e200cdb0b8da70584",
  "pubkey": "84afd2faf632c84f9539aaeb2bab0e8552e22b40a04e3df184f5e6ee3cc31f6b",
  "created_at": 1708449360,
  "kind": 1,
  "tags": [
    [
      "proxy",
      "https://fosstodon.org/users/mcollina/statuses/111964937298388249",
      "activitypub"
    ]
  ],
  "content": "One of the things that puzzles me the most in the security ecosystem is why a deprecated package (or version) is not signaled as vulnerable by all the tools and scanners. It's unmaintained, so it is risky to depend upon it. Heck, the maintainers might not even be issuing CVEs for old versions.",
  "sig": "b5d779c6b9b564104016ac9df940382259959928e1b1b38bf8f6a9a6425a9eeb6f6be2213f1ea8688613f8f1e4d5870951a2f1da23fdb64771d8abccc8d62a9f"
}