A patch update is a newer version, and they are just as likely to be compromised by supply chain attacks as minor or major updates.

Not exactly.

Security patches aren't like bugs or features where you can just roll a new version. Often patches need to be backported to older versions, allowing software and libraries to be "upgraded" in place with no other change introduced.

Say you had software that controlled the careful mix of chemicals introduced into a municipal water supply. You just don't move from version 1.4 to 3.2, you fix 1.4 in place.

No, you create version 1.4.19, which fixes a bug in 1.4.18.