If no one’s looking for it, no one’s really thinking about it.
This is the classic security problem Gareth Rushgrove, director of product management at Snyk, pointed to during his conversation with The New Stack founder and publisher Alex Williams at KubeCon’s Cloud Native Security Day. Snyk is a Software-as-a-Service dedicated to helping organizations flag and fix vulnerabilities in their open source, third-party dependencies.
“Transitive dependencies are a really common source of vulnerabilities,” Rushgrove said. “Not [just] things that you choose to include, but the things you choose to include choose to include, potentially down a tree of many dependencies.”
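As an added illustration of the dependency tree Rushgrove describes (example code, not from Snyk or the article), the walk below reports every path from an application to a package with a known advisory, separating direct from transitive hits; the package graph and advisory ids are constructed sample data, not real packages or vulnerabilities.

```python
"""Walk a dependency tree and list paths that end at a package with an advisory.

Added example; the graph and advisories are constructed sample data,
not real packages, not real advisory identifiers, and not Snyk's code.
"""
from typing import Dict, List, Tuple

# Constructed sample: package -> packages it depends on directly.
SAMPLE_GRAPH: Dict[str, List[str]] = {
    "my-app": ["web-framework", "http-client", "logger"],
    "web-framework": ["template-engine", "http-client"],
    "http-client": ["url-parser"],
    "template-engine": ["html-escaper"],
    "html-escaper": ["url-parser"],  # diamond: url-parser is reached by several routes
    "url-parser": [],
    "logger": [],
}

# Constructed sample advisories: package -> placeholder advisory id.
SAMPLE_ADVISORIES: Dict[str, str] = {
    "url-parser": "ADVISORY-PLACEHOLDER-1",
    "logger": "ADVISORY-PLACEHOLDER-2",
}

Path = Tuple[str, ...]


def vulnerable_paths(graph: Dict[str, List[str]],
                     advisories: Dict[str, str], root: str) -> List[Path]:
    """Return every path from `root` to a package that has an advisory.

    Each path is a tuple such as ('my-app', 'http-client', 'url-parser');
    its last element is the affected package. The same package is reported
    once per route, because each route is a separate thing to fix or pin.
    """
    found: List[Path] = []

    def walk(pkg: str, path: Path) -> None:
        if pkg in path:  # cycle guard: never revisit a package already on this path
            return
        path = path + (pkg,)
        if pkg != root and pkg in advisories:
            found.append(path)
        for dep in graph.get(pkg, []):
            walk(dep, path)

    walk(root, ())
    return found


def transitive_vulnerabilities(graph: Dict[str, List[str]],
                               advisories: Dict[str, str], root: str) -> List[Path]:
    """Only the paths whose affected package is not a direct dependency of root."""
    return [p for p in vulnerable_paths(graph, advisories, root) if len(p) > 2]
```

With the sample data, `logger` is the one direct hit and `url-parser` appears three times, each via a different route from `my-app`.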