How to Remediate Known Vulnerabilities

By

Fixing vulnerabilities can involve more than patching.

Once you become aware of a vulnerability in a third-party component of your code, you naturally want to get rid of it, says Leo Zhang.

How do you do that? If a fix is available, Zhang explains, there are generally two approaches you can take:

  1. You can patch the component in-place.
  2. You can upgrade to a component version that does not have the vulnerability, by either:
    • Pinning the vulnerable component to a fixed version.
    • Doing iterated component upgrades until the vulnerable component has been removed from your dependency installation plan.

This article looks at the pros and cons of these tactics, along with related considerations.

Learn more at FOSSA.

 
 

 
 

08/28/2023
comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs



Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.