The Great Supply Chain Security Paradox: “every open source lib is getting owned! wait at least a week to patch, let ...

The Great Supply Chain Security Paradox: “every open source lib is getting owned! wait at least a week to patch, let other people find the supply chain breaches before you” “AI is reversing all these patches, the window to exploit is down to just hours now, patch your shit immediately!” … (Credit to James Wilson and Brad Arkin. Threat intel feeds may be the answer, eg Sentinel One, Checkmarx, Socket, etc. Somehow we came full circle back around to antivirus!)