[-] eldavi@lemmy.ml 7 points 5 days ago

I feel like this is kind of the amateur-hour stuff. It's certainly dangerous, but in comparison to a lot of state-actor activities (or even committed-amateur activities), this kind of supply-chain attack is pretty blatant and easy to spot. Which doesn't mean it's easy to spot.

The real worrisome stuff comes from state actors who know what they're doing and have captured the entire ecosystem to prevent it from being discovered until it doesn't matter any more, e.g. Stuxnet, PRISM, etc.

[-] PhilipTheBucket@piefed.social 6 points 5 days ago

Yeah, exactly. If you read the Snowden leaks to learn the details of what some of their actual capabilities are (smuggling flawed keys into the DH exchange for most major web browsers for example), it makes this stuff look like kids in their basements fucking around.

[-] eldavi@lemmy.ml 4 points 5 days ago

i can't read them, they frighten me. lol

[-] pmk@lemmy.sdf.org 4 points 5 days ago

How about these words: "Reflections on Trusting Trust".

[-] eldavi@lemmy.ml 1 points 4 days ago

i forgot that this was a thing and i think it's a surefire sign that i've left the developer fold. lol

this post was submitted on 11 Aug 2025
85 points (98.9% liked)

Open Source
