u/Dazzling-Stable-3452

Should we be wary of supply chain attacks on HA?

I am a software engineer and observe supply chain attacks on software (trivy, axios) happening more frequently. With the use of AI for development, this may happen in HACS integrations and even HA. For me, I have started to delay version upgrades for at least a week if my current setup is working fine, and have even started looking at the source code for HACS integrations.

I am still new to open source software, so I'm happy to hear your thoughts on this, especially from experts in this area. Cheers!

reddit.com