Comment by wk_end
11 days ago
You should probably caveat any post you make about security concerns with that, so people can more easily judge whether your concerns line up with their threat model.
11 days ago
You should probably caveat any post you make about security concerns with that, so people can more easily judge whether your concerns line up with their threat model.
With supply chain attacks in the news daily now wreaking havoc across the whole industry, ignoring them is negligent in all cases where software is written for the consumption of anyone other than the author.
The entire medical industry was negligent for 100 years following Ignaz Semmelweis proving basic sanitation tactics would save countless lives.
Similarly the entire software industry is and has been negligent since 1987 when Ken Thompson first demonstrated basic supply chain integrity tactics could stop otherwise unstoppable and undetectable attacks on software.