Could Supply Chain Attacks like Log4J have been prevented? If so, how? Well, that’s what I’m going to dive into today, and also announce the launch of a new project, DependencyCheck.ai.
I had this idea a while back that if I combined both ML and UEBA (User Entity Based Analytics), I might be able to provide an accurate risk score for open-source dependency packages, by focusing not only on the source code but also on the person behind the keyboard writing it!