Lars Marowsky-Brée 😷 on Nostr: I can't wrap my head around how almost all of the #xz reporting focuses on the ...
I can't wrap my head around how almost all of the #xz reporting focuses on the failures of #opensource.
Yeah, sure, but ...
Good luck finding such an attack in proprietary code.
Via the cliché paid off/blackmailed employee, hacked dev servers/repos, or via capitalism's favorite cost-cutting measure: a remote "offshored" contracted temporary developer (or nowadays, embedded into some LLM output).
If anything, Open Source Security has *worked*.
#cypersecurity #OSS