It’s not uncommon to hear people refer to updating dependencies as “dependency management”. They’re not wrong; keeping dependencies up to date is a big part of dependency management, but it’s not everything. Read on to learn more about the differences between the two.

AI promises many advantages when it comes to application development. But it’s also giving threat actors plenty of advantages, too. It’s always important to remember that AI models can produce a lot of garbage that is really convincing—and so can attackers. “Dark” AI models can be used to purposely write malicious code, but in this blog, we’ll discuss three other distinct ways using AI models can lead to attacks.

Only about 35 percent of the models on Hugging Face bear any license at all. Of those that do, roughly 60 percent fall under traditional open source licenses. But while the majority of licensed AI models may be open source, some very large projects–including Midjourney, BLOOM, and LLaMa—fall under that remaining 40 percent category. So let’s take a look at some of the top AI model licenses on Hugging Face, including the most popular open source and not-so-open source licenses.

NIST has announced that it has filled the funding gap for the National Vulnerability Database (NVD) and hired a contractor to return it to its previous underwhelming state. What does that mean for us? Basically, The NVD is off life support, but we wouldn’t say it’s healthy. It’s more like “undead”.