Comment by jiusanzhou

1 day ago

The $100M in credits for open-source scanning is the most interesting part here. The real bottleneck was never finding vulns in high-profile projects — it was the long tail of critical dependencies maintained by one or two people who don't have time or resources for serious auditing. If Glasswing actually reaches those maintainers, it could meaningfully reduce the attack surface that supply chain attacks exploit.

I must say the combo of an em-dash stuck right in the middle of "it was never X, it was Y" made me chuckle.