Comment by lrvick

11 days ago

I did for over a decade, but it does not go far enough with supply chain security.

I bootstrapped a new generation of Linux distribution from 180 bytes of human-readable x86 machine code all the way up.

https://stagex.tools

You should probably caveat any post you make about security concerns with that, so people can more easily judge whether your concerns line up with their threat model.

  • With supply chain attacks in the news daily now wreaking havoc across the whole industry, ignoring them is negligent in all cases where software is written for the consumption of anyone other than the author.

    The entire medical industry was negligent for 100 years following Ignaz Semmelweis proving basic sanitation tactics would save countless lives.

    Similarly the entire software industry is and has been negligent since 1987 when Ken Thompson first demonstrated basic supply chain integrity tactics could stop otherwise unstoppable and undetectable attacks on software.