Tag: supply chain
-
frequent reminder
only open source has backdoors. commercial, closed source software has undocumented admin features. Eventually forgotten debug tools enabled in production.
-
Malicious PyPI Packages
It was a matter of time. After the npm-repository was hit later last year and ruby gems were found mining crypto-currency, this times it’s PyPI that spreads bad code. Supply chain attacks, as this vector is typically referred to, becomes an increasing problem. Foremost for software vendors. The rich supply of community maintained packages make…