Kyle Rankin on Nostr: Whenever security incidents happen, you always see certain vendors take part in ...
Whenever security incidents happen, you always see certain vendors take part in ambulance chasing: blog posts that talk about how *their* product could have prevented it.
I've come to expect it from commercial vendors, but I didn't expect OpenSSF to do it, especially when their charter is precisely to prevent things like this from happening in exactly these kinds of under-resourced-but-important projects.
https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/
Published at 2024-03-31 02:10:40
Event JSON
{
"id": "4beb0bfbe3a3143d1de41768a7acd02b7a0161856dc17c22cfdfb1ec30b9b65b",
"pubkey": "80587d28411159709b21896a70ef8583c7886c791d909d862754b5f27e231f8d",
"created_at": 1711851040,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.kylerank.in/users/kyle/statuses/112187869783036314",
"activitypub"
]
],
"content": "Whenever security incidents happen, you always see certain vendors take part in ambulance chasing: blog posts that talk about how *their* product could have prevented it.\n\nI've come to expect it from commercial vendors, but I didn't expect OpenSSF to do it, especially when their charter is precisely to prevent things like this from happening in exactly these kind of under-resourced-but-important projects.\n\nhttps://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/",
"sig": "60b2458e03dd0085f790297ea3b6ff7060d879730ba4e152be2964cae76ae416008b1cc533070fad1a1bd1db5a5d97028014b8726f6019b83ff846a6b3e9f01a"
}