Mon Jun 20 2022

Most people imagine software engineers tapping keyboards in a kombucha-keg filled room. But modern software isn’t written... It’s assembled. Developers write code, but they don't start from scratch - They use open-source code and libraries, developed by a community. Those building blocks are themselves dependent on other pieces of open-source software, which are built atop yet others, and so on. The dependencies of this software supply chain are therefore recursive - ‘nested,’ like a Russian Matryoshka doll. So you ask whether your software is safe, the answer is, "It Depends."