top | item 24996129

(no title)

yoloClin | 5 years ago

On the flipside, it's more plausible for an actor to get malicious code into a project in order to infect a target. Sure it has to be obscure enough to pass any code reviews during PR and/or involves compromising a contributor but it is possible and something I see happening in the next 10 years.

I'm also genuinely curious how many people actively review all the code they actually run. I doubt anybody but the very largest tech companies and high-end government would actually be able to afford and resources such a feat, and even then they would have DMZ-type areas to detonate unaudited software.

discuss

unknown|5 years ago

[deleted]