Comment by lrvick

10 days ago

With supply chain attacks in the news daily now wreaking havoc across the whole industry, ignoring them is negligent in all cases where software is written for the consumption of anyone other than the author.

The entire medical industry was negligent for 100 years following Ignaz Semmelweis proving basic sanitation tactics would save countless lives.

Similarly, the entire software industry is and has been negligent since 1987, when Ken Thompson first demonstrated that basic supply chain integrity tactics could stop otherwise unstoppable and undetectable attacks on software.