New Open-source Dependency Confusion Vulnerability Threatens Software Supply Chain

Newly discovered dependency confusion vulnerability found in 35 enterprises—and counting—and threatens software supply chain. Bad actors could inject malicious code without any victim action by redirecting open-source updates to compromised open-source code repos. In this Inside AppSec Podcast, Contrast Security's Director of Security Research discusses why dependency confusion poses a serious threat and how they can detect and remediate the vulnerability before bad actors exploit it.