"Perhaps developers simply shouldn't use unaudited or sketchy-sourced code in production"
I'll go with that one, please.
Yes, but that would mean investing time in auditing the code. In a production environment, the point of using third-party tools is to save time, so spending that time is going to get push-back from management if it even occurs to the devs to do so in the first place. I fully agree with the sentiment, but it is going to be a hard sell in order to get this added into a coder's SOP.