by chatmasta
3048 days ago
The computers of engineers are great targets for hacking. Dozens of package managers across languages and operating systems, as well as GitHub, provide easy vectors for getting complex code to execute on the computer of the dev. Devs are used to running code from the terminal, and typically have many interesting files in their file systems that could assist with lateral movement or even lead to compromise of the build system (!!). Despite this, devs are still generally very cavalier about running code from the internet on their machines. Oftentimes they have no choice of security mitigations because their package manager is compromised by flaws in its design.