The Polyfill incident is bad (that seems to be how the hackers got into the internet archive), and the OpenSSH one could have been really nasty, if it wasn’t caught both early, and by chance (a performance engineer at a major software company noticed).
Relevant XKCD.
The Polyfill incident is bad (that seems to be how the hackers got into the internet archive), and the OpenSSH one could have been really nasty, if it wasn’t caught both early, and by chance (a performance engineer at a major software company noticed).