by francescovv
807 days ago
> 100s of dependencies. If there is a 1% chance of a random repo having a backdoor, the project will be compromised

Apologies for nit-picking, but that's not quite how sum-of-probabilities works. Total probability across 200 tries of 1% chance each is ~87%:

    p=0
    for _ in range(200):
        p=p+(1-p)*.01
    print(p)

    0.8660203251420382

Your "sooner or later, to the point where we can assume" conclusion still stands, of course.
1) Best of luck in an audit explaining that there is almost a 14% chance that your project is free of backdoors given reasonable assumptions. I recommend taking a photo of the auditor's expression and reporting back.
2) There are quibbles to be had about the IID assumption here; dependencies aren't selected randomly and attackers aren't targeting them randomly.
3) You don't need a for loop for that, you can calculate directly with `1-0.99**200`.
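Worked version of the calculation discussed in both comments above, added here as an example and not code posted by either commenter. It generalises the loop to per-dependency risks (so the independence assumption in point 2 can at least be varied, even if not dropped), uses the closed form `1-(1-r)**n` from point 3, and adds a helper for the "how many dependencies until the odds cross X" question. All function names and the sample risk list are constructed for illustration.

```python
import math

# Added example (not from the thread): probability that at least one of n
# dependencies carries a backdoor, given each has an independent probability r.


def p_any_compromised(risks):
    """P(at least one backdoored dependency) for a list of per-dependency
    probabilities, assuming independence between dependencies.

    The thread's recurrence p = p + (1-p)*r is the same calculation written
    additively; multiplying out the 'all clean' probability is equivalent
    and lets each dependency carry its own risk.
    """
    p_clean = 1.0
    for r in risks:
        p_clean *= 1.0 - r
    return 1.0 - p_clean


def p_any_uniform(n, r):
    """Closed form for n dependencies that all share the same risk r."""
    return 1.0 - (1.0 - r) ** n


def deps_until(r, target):
    """Smallest n at which P(at least one backdoor) reaches `target`,
    for a uniform per-dependency risk r (solved via logarithms)."""
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - r))


if __name__ == "__main__":
    # The thread's figure: 200 dependencies at 1% each, about 0.866.
    print(p_any_uniform(200, 0.01))
    # Constructed sample: mostly low-risk packages plus a handful of
    # poorly maintained ones; heterogeneous risks change the answer a lot.
    mixed = [0.001] * 180 + [0.05] * 20
    print(p_any_compromised(mixed))
    # Dependency count needed before a 1%-risk tree is more likely than not
    # (and almost certain) to contain at least one backdoor.
    print(deps_until(0.01, 0.5), deps_until(0.01, 0.99))
```

The loop form and the closed form agree to floating-point precision; the useful part for an audit conversation is `deps_until`, which makes it concrete that at 1% per dependency the coin flip is passed at 69 dependencies and near-certainty at a few hundred.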