In IT there are three roles that are often confused: Project Manager (PM), Product Manager (PdM) and Program Manager (PgM). They sound similar, but each has different tasks and a different focus. Having encountered each of them in my career, every time I had a feeling of "déjà vu". It turned out to be a case of "You don't understand, this is different!": there is a difference. Understanding this difference helps companies build their processes more effectively, and helps specialists plan their careers properly and find their way around the community. Understand the difference
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`.
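The file-name ambiguity described above can be checked for when reviewing a lock file. The following is an added example, not code from pdm or PyPI: it models the lenient reading as a simple prefix match, assumes the index treats the text after the last hyphen as the version, and takes constructed (declared name, file name) pairs rather than parsing a real `pdm.lock`.

```python
import re

SDIST_EXTS = (".tar.gz", ".zip")

def normalize(name):
    """PEP 503 project-name normalization."""
    return re.sub(r"[-_.]+", "-", name).lower()

def stem(filename):
    for ext in SDIST_EXTS:
        if filename.endswith(ext):
            return filename[: -len(ext)]
    raise ValueError(f"not an sdist filename: {filename!r}")

def prefix_reading(declared, filename):
    """Lenient reading (assumed model): '<declared>-' prefix, rest is the version."""
    s = stem(filename)
    head, rest = s[: len(declared)], s[len(declared):]
    if normalize(head) == normalize(declared) and rest.startswith("-"):
        return normalize(declared), rest[1:]
    return None

def index_reading(filename):
    """Strict reading: everything before the last hyphen is the project."""
    project, sep, version = stem(filename).rpartition("-")
    if not (sep and project and version):
        raise ValueError(f"no name-version split in {filename!r}")
    return normalize(project), version

def audit(entries):
    """Return entries whose file belongs to a different project than declared."""
    findings = []
    for declared, filename in entries:
        project, version = index_reading(filename)
        if project != normalize(declared):
            findings.append((declared, filename, project, version))
    return findings

# Constructed sample: (declared package name, locked file name) pairs.
ENTRIES = [
    ("foo", "foo-1.0.tar.gz"),
    ("foo", "foo-2-2.tar.gz"),      # the file name from the advisory text
    ("my_pkg", "my_pkg-1.0.tar.gz"),
]

if __name__ == "__main__":
    for declared, filename, project, version in audit(ENTRIES):
        print(f"{filename}: locked as {declared!r}, index reads {project!r} {version!r}")
```

Any entry returned by `audit` is one where the two readings disagree and the locked file should be reviewed before installing.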
An authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's private code. With the default configuration, anybody is allowed to create a new project. An attacker can create a new project and then use it to become authenticated and exploit this flaw. As such, the exposure is similar to an unauthenticated attack,…
A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vulnerability can be triggered by manually opening an infected project file, or by initiating an upload program request from an infected Xinje PLC. This can result in remote code execution, information disclosure and denial of service of the system running the XINJE XD/E Series PLC Program Tool.