The reason things haven’t fallen apart is because there’s a lot of devs working a lot more than they used to, making sure they’re patching vulnerabilities. Last year, if you asked me what portion of my time was spent updating dependencies and responding to reports of vulnerabilities, I’d say like 5-10%; this year that’s easily more like 30%.
I’m sure not every company is doing this, but depending on the sensitivity of the data the company is holding, I’d imagine you’d see similar patterns elsewhere.