Lars Marowsky-Brée 😷 on Nostr: I can't wrap my head around how almost all of the #xz reporting focuses on the ...
I can't wrap my head around how almost all of the #xz reporting focuses on the failures of #opensource.
Yeah, sure, but ...
Good luck finding such an attack in proprietary code.
Via the cliché paid off/blackmailed employee, hacked dev servers/repos, or via capitalism's favorite cost-cutting measure: a remote "offshored" contracted temporary developer (or nowadays, embedded into some LLM output).
If anything, Open Source Security has *worked*.
#cypersecurity #OSS
Published at 2024-04-01 09:22:53
Event JSON