• @[email protected]
    link
    fedilink
    English
    23
    edit-2
    8 months ago

    Supply chain attacks are extremely cheap/easy and very effective, so get prepared for more of them in the future.

    It really bothers me, that many companies make billions utilizing open source without contributing money/employees etc. to secure/supply/maintain supply chains.

    • @[email protected]
      link
      fedilink
      118 months ago

      This one might not have been that cheap. The malicious code was added by a maintainer on the project for two years. That is some patience

      • @[email protected]
        link
        fedilink
        English
        68 months ago

        Agreed. I am more speaking of ‘in general’, for example there was a supply chain attack on a widely used npm package by writing an email to the author of the npm package. There are other ‘cheap’ attacks like dependency confusion, typo squatting etc.

      • @NotMyOldRedditName
        link
        28 months ago

        What about finding someone like this and then blackmailing them?

        That would be cheaper