Why Nostr? What is Njump?
2024-04-01 09:22:53

Lars Marowsky-Brée 😷 on Nostr: I can't wrap my head around how almost all of the #xz reporting focuses on the ...

I can't wrap my head around how almost all of the #xz reporting focuses on the failures of #opensource.
Yeah, sure, but ...

Good luck finding such an attack in proprietary code.
Via the cliché paid off/blackmailed employee, hacked dev servers/repos, or via capitalism's favorite cost-cutting measure: a remote "offshored" contracted temporary developer (or nowadays, embedded into some LLM output).

If anything, Open Source Security has *worked*.

#cypersecurity #OSS
Author Public Key
npub1hyhhpfj6f2yn2fh7fvun988k75gk38zhqpapjchwkrvkczmtk6xqhycarz