Microsoft published a white paper on Tuesday about a new type of attack technique, called “dependency confusion” or a “substitution attack,” that can be used to poison the app-building process inside corporate environments.
The technique revolves around concepts like package managers, public and private package repositories, and build processes.
Today, developers at companies small and large use package managers to download and import libraries, which build tools then assemble into a final app.
Source: ZDNet