Hacker News
by daze42 2189 days ago
You bring up very good points. I certainly don't trust most, if any, of the other critical pieces of the stack. I think those are attack vectors or points of failure as well, and that risk needs to be mitigated. But on the other hand, the NPM package web is much larger and the barrier to entry is much lower, so I would consider it to be much higher risk than the rest of the stack.

We as an industry need to put work into reviewing, simplifying, and increasing visibility at all levels of the stack, especially firmware. We're building high and fast, and while standing on the shoulders of giants is a great place to be, we need to make sure the giant is more than just a house of cards.