51 sats \ 4 replies \ @justin_shocknet 1 Apr \ parent \ on: Inside the failed attempt to backdoor SSH globally — that got caught by chance security
Something not priced into open-source security is AI reviewing code for potential vulnerabilities. It's not perfect, of course, but it can call for more expert review by identifying suspicious practices in code or simply labeling a library as sus.
Recently added our repos to Socket to monitor our npm-based supply chain for deps, and it's pretty awesome. Will be even more awesome when there are several others available.
If you applied such an AI bot to the XZ backdoor and it found it (without including it in your dataset, of course), I'd be more enthusiastic. The degree of code obfuscation with this one was pretty high, to be fair.
Yeah, it was buried really well, but that will also result in automating new kinds of tests.
I look forward to it.