• wolf
    link
    fedilink
    English
    arrow-up
    26
    ·
    edit-2
    8 months ago

    Supply chain attacks are extremely cheap/easy and very effective, so get prepared for more of them in the future.

    It really bothers me, that many companies make billions utilizing open source without contributing money/employees etc. to secure/supply/maintain supply chains.

    • RedNight@lemmy.ml
      link
      fedilink
      arrow-up
      12
      ·
      8 months ago

      This one might not have been that cheap. The malicious code was added by a maintainer on the project for two years. That is some patience