Dependency management used to be a private embarrassment: an Ant script, a /lib folder, and classpath roulette. You could ship anyway, and the consequences mostly stayed inside your org. 

The post Trust At Scale: The Commons, Threats, and AI in the Loop | Sonatype appeared first on Security Boulevard.