Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Good thing these eggheads have created a database of patches
Python security fixes often happen through "silent" code commits, without an associated Common Vulnerabilities and Exposures (CVE) identifier, according to a group of computer security researchers. That's not ideal, they say, because attackers love to exploit undisclosed vulnerabilities in unpatched systems and because developers who are not security experts may not recognize that an upstream commit is targeting an exploitable flaw that's relevant to their code. Ergo, a Python package could have...