A dependency is an external component that software needs to run, such as a library, package, model, or hosted service. Modern systems often depend on many layers of third-party code, including transitive dependencies that are pulled in indirectly. These components save time and add features, but they also create security exposure because the application inherits their bugs, misconfigurations, and update risks.
In cyber security, dependencies matter because attackers often target the supply chain instead of the main application. A vulnerable package, compromised update server, or malicious dependency can give an attacker code execution, data access, or persistence. Defenders reduce this risk by inventorying dependencies, pinning versions, reviewing updates, scanning for known vulnerabilities, and removing unused components. In practice, an accurate dependency list is essential for incident response, patching, and SBOM-driven risk management.



