Lars Marowsky-Brée 😷 on Nostr: I can't wrap my head around how almost all of the #xz reporting focuses on the ...
I can't wrap my head around how almost all of the #xz reporting focuses on the failures of #opensource.
Yeah, sure, but ...
Good luck finding such an attack in proprietary code.
Via the cliché paid off/blackmailed employee, hacked dev servers/repos, or via capitalism's favorite cost-cutting measure: a remote "offshored" contracted temporary developer (or nowadays, embedded into some LLM output).
If anything, Open Source Security has *worked*.
#cypersecurity #OSS
Published at 2024-04-01 09:22:53