Developer Fatigue Insights

Priyanka discusses the challenges of managing third-party libraries and the concept of developer fatigue, particularly in the context of OSS supply chain vulnerabilities. Nir shares findings from an extensive analysis of code exploitability, revealing that only a small fraction of CVEs provide function names directly, which challenges the prevailing hype around exploit reachability. Their conversation highlights the complexities developers face when upgrading libraries and assessing risks.