This is an object lesson in why organizations that use open source code should devote resources to supporting and maintaining it. Because if you don't, the actors who fill the gap may well be malicious. That's what happened here when a 'back door' was planted in XZ Utils, a widely-used set of tools used to compress software archives. The resulting code created a vulnerability in key infrastructure, used to secure critical systems such as cloud-based tools. It was caught by an engineer working at Microsoft, though in retrospect the tracks of an unknown bad actor seeding the code were there for all to see.