by eslaught 3696 days ago
> PS: who cares if the devs are using unsigned software downloaded over HTTP? I care about using signed software (and then I suppose the transport doesn't really matter), but that's totally unrelated to what the devs do on their own computers.

This is definitely a vector that attackers can and do use. If the developer is infected, particularly by a virus that changes the compiler to emit infected code, this can by proxy infect the products they develop.

See e.g.:

https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thomp...

1 comments

See the note on my other comment: https://news.ycombinator.com/item?id=11686671