Chicken Nuget
21 hours ago
- #Microsoft
- #security
- #nuget
- nuget.org hosts outdated and insecure curl packages, with some downloaded nearly 100,000 times.
- Microsoft does not consider outdated packages a vulnerability, shifting responsibility to package owners.
- The issue persists despite previous reports, showing no improvement in NuGet's package management.
- Users unknowingly download insecure software due to NuGet's lack of proactive security measures.
- Microsoft's response suggests indifference to the security risks posed by outdated packages.
- The author criticizes NuGet's model for enabling the distribution of potentially harmful software.
- No effective solution is proposed, highlighting a systemic issue with NuGet's approach to package hosting.