Against dependency cooldowns as a response to supply chain attacks
Dependency cooldowns turn you into a free-rider
The article argues against dependency cooldowns (waiting a fixed period after a new dependency version is published before adopting it) as a response to supply chain attacks, and highlights that such measures may inadvertently turn the organizations using them into free-riders on those who do not. It warns that organizations relying on cooldowns to mitigate risk may instead face increased exposure to malicious dependencies and supply chain compromises, affecting software vendors and end users alike.