1. Dependency-Track Vulnerability Alert Gap: Critical Changes Go Unnotified
A critical notification gap exists within the Dependency-Track open-source security platform. When a known software vulnerability is updated—for instance, its severity is escalated from 'Unassigned' to 'Critical'—the system currently fails to alert users. This silence creates a dangerous blind spot, leaving security te...
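Until the platform itself raises an alert on such updates, a defender can compensate by comparing two exports of the vulnerability list and flagging every severity change, with escalations to Critical singled out. The following is an added example, not Dependency-Track code; it assumes the records have already been exported (for instance from the platform's REST API) into dictionaries with `vulnId` and `severity` fields, and the field names, severity ordering and sample snapshots are constructed for illustration.

```python
"""Detect severity changes between two snapshots of a vulnerability list.

Added example, not part of Dependency-Track. Assumes each record is a dict
with at least a 'vulnId' and a 'severity' key (assumed field names); how the
records are exported is out of scope here.
"""
from typing import Dict, List

# Assumed ordering of severity labels, used to decide whether a change is an
# escalation (higher rank) or a downgrade.
SEVERITY_RANK = {
    "UNASSIGNED": 0,
    "INFO": 1,
    "LOW": 2,
    "MEDIUM": 3,
    "HIGH": 4,
    "CRITICAL": 5,
}


def index_by_id(records: List[Dict]) -> Dict[str, str]:
    """Map vulnId -> normalised severity; missing severity counts as UNASSIGNED."""
    return {r["vulnId"]: str(r.get("severity") or "UNASSIGNED").upper() for r in records}


def severity_changes(previous: List[Dict], current: List[Dict]) -> List[Dict]:
    """Return one entry per vulnerability whose severity differs between snapshots.

    Vulnerabilities that are new in the current snapshot are not reported here:
    the gap in the text concerns updates to already-known vulnerabilities.
    """
    before = index_by_id(previous)
    after = index_by_id(current)
    changes = []
    for vuln_id, new_sev in sorted(after.items()):
        old_sev = before.get(vuln_id)
        if old_sev is None or old_sev == new_sev:
            continue
        changes.append({
            "vulnId": vuln_id,
            "old": old_sev,
            "new": new_sev,
            "escalated": SEVERITY_RANK.get(new_sev, 0) > SEVERITY_RANK.get(old_sev, 0),
        })
    return changes


def newly_critical(changes: List[Dict]) -> List[str]:
    """IDs of vulnerabilities escalated to CRITICAL; these warrant an immediate alert."""
    return [c["vulnId"] for c in changes if c["escalated"] and c["new"] == "CRITICAL"]


# Constructed sample snapshots (placeholder IDs, not real advisories).
PREVIOUS_SNAPSHOT = [
    {"vulnId": "EXAMPLE-0001", "severity": "UNASSIGNED"},
    {"vulnId": "EXAMPLE-0002", "severity": "MEDIUM"},
    {"vulnId": "EXAMPLE-0003", "severity": "HIGH"},
    {"vulnId": "EXAMPLE-0004", "severity": None},
]
CURRENT_SNAPSHOT = [
    {"vulnId": "EXAMPLE-0001", "severity": "CRITICAL"},   # the escalation the text describes
    {"vulnId": "EXAMPLE-0002", "severity": "MEDIUM"},     # unchanged
    {"vulnId": "EXAMPLE-0003", "severity": "LOW"},        # downgraded
    {"vulnId": "EXAMPLE-0004", "severity": "HIGH"},       # missing severity -> HIGH
    {"vulnId": "EXAMPLE-0005", "severity": "CRITICAL"},   # new vulnerability, not a change
]

if __name__ == "__main__":
    for change in severity_changes(PREVIOUS_SNAPSHOT, CURRENT_SNAPSHOT):
        marker = "ESCALATED" if change["escalated"] else "downgraded"
        print(f"{change['vulnId']}: {change['old']} -> {change['new']} ({marker})")
    print("newly critical:", newly_critical(severity_changes(PREVIOUS_SNAPSHOT, CURRENT_SNAPSHOT)))
```

Run this on a schedule against the previous and current exports and route the `newly_critical` list to whatever paging or ticketing channel the team already uses; the snapshot diff then stands in for the notification the platform does not send.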