Tag: transitive dependencies
The Risk Profile of AI-Driven Development
Ilkka Turunen | | AI-generated code, AIBOM, autonomous development, autonomous security, challenge bottleneck, CI CD gating, cloud-native security, Dependency Management, GRC engineering, hallucinations, IDE controls, license compliance, machine speed enforcement, OpenSSF Gemara, Outdated Dependencies, policy based dependency selection, prompt level governance, review bottleneck, runtime transparency, SBoM, secure by default, shift left security, Software Supply Chain, threat modeling, transitive dependencies, trusted registries, typosquattingAnalysis arguing that AI-driven code generation accelerates dependency decisions and expands supply-chain risk, requiring shift-left governance, prompt-level controls, automated SBOM/AIBOM visibility, threat-modeling as engineering, and autonomous security to match autonomous development ...
The Silent Technical Debt: Why Manual Remediation Is Costing You More Than You Think
Bob Shaker | | ActiveState report, continuous remediation, cybersecurity efficiency, Dependency Management, developer productivity, devsecops, engineering performance, innovation tax, intelligent remediation, KubeCon 2025, manual remediation, Mean Time to Remediate, mttr, open source security, remediation debt, security automation, software vulnerabilities, technical debt, transitive dependencies, vulnerability managementManual vulnerability remediation drains time, innovation, and security. Learn how intelligent remediation eliminates hidden technical debt and accelerates DevSecOps ...
Massive Number of Transitive Dependencies Traced to Open Source Code
An analysis of nearly 2,000 software packages published by Endor Labs found 95% of all application vulnerabilities can be traced back to a transitive dependency created when a developer used an open ...
