Comment by rvz

What do we have here? Unaudited software completely compromised with a fake SOC 2 and ISO 27001 certification.

An actual infosec audit would have rigorously enforced basic security best practices in preventing this supply chain attack.

[0] https://news.ycombinator.com/item?id=47502754