by fbdab103
743 days ago
Even if you did review it, a motivated attacker is not going to have an exfiltrate_user_data(). The xz backdoor exploit was incredibly sophisticated, and one key of the design was sneaking a "." into a single line of a build test script. A cursory audit of primary dependencies has almost zero chance of catching anything but a brazen exploit.

This requires allowlisting egress traffic and possibly even architecting things to prevent any one library from seeing too many things. This approach can be a big pain though and could be difficult to implement practically.
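As an added example of the egress allowlisting the comment above describes (this is illustrative code, not the commenter's and not any project's), the block below enforces an allowlist on outbound TCP connections inside a Python process by wrapping the standard library's `socket.create_connection` and `socket.socket.connect`. Any dependency that tries to reach a destination outside the allowlist gets an exception instead of a connection, and the attempt is recorded for review. The allowlist entries, the loopback listener and the `203.0.113.5` (TEST-NET-3) address in `demo()` are constructed for the example.

```python
"""In-process egress allowlist (added example; uses only the standard library).

Pattern: (host_glob, port) pairs. Hostnames are checked before DNS resolution
(via create_connection) and literal addresses at the socket layer (via connect).
"""
import fnmatch
import socket
import threading


class EgressDenied(ConnectionRefusedError):
    """Raised when code tries to reach a destination that is not allowlisted."""


class EgressPolicy:
    """Allowlist of (host_glob, port) pairs; a port of None means any port."""

    def __init__(self, allowed):
        self.allowed = [(host.lower(), port) for host, port in allowed]
        self.denied = []  # audit trail of (host, port) pairs that were blocked

    def is_allowed(self, host, port):
        host = host.lower()
        return any(fnmatch.fnmatchcase(host, pattern) and p in (None, port)
                   for pattern, p in self.allowed)

    def check(self, host, port):
        if not self.is_allowed(host, port):
            self.denied.append((host, port))
            raise EgressDenied(f"egress to {host}:{port} is not allowlisted")


_orig_create_connection = socket.create_connection
_orig_connect = socket.socket.connect
_state = threading.local()  # marks a connect already vetted by name


def install(policy):
    """Enforce `policy` on all outbound TCP connections opened in this process."""

    def guarded_create_connection(address, *args, **kwargs):
        # Check the name the caller asked for, before it is resolved to an IP.
        policy.check(address[0], address[1])
        _state.checked = True
        try:
            return _orig_create_connection(address, *args, **kwargs)
        finally:
            _state.checked = False

    def guarded_connect(self, address):
        # Raw sockets: check the literal address (IP or hostname) passed in,
        # unless create_connection already vetted the name on this thread.
        if (self.family in (socket.AF_INET, socket.AF_INET6)
                and self.type == socket.SOCK_STREAM
                and not getattr(_state, "checked", False)):
            policy.check(address[0], address[1])
        return _orig_connect(self, address)

    socket.create_connection = guarded_create_connection
    socket.socket.connect = guarded_connect
    return policy


def uninstall():
    """Restore the unpatched socket functions."""
    socket.create_connection = _orig_create_connection
    socket.socket.connect = _orig_connect


def demo():
    """Allow only loopback; show one permitted and one blocked connection.

    Returns (allowed_ok, blocked, denied_log) so the outcome can be checked.
    """
    listener = socket.socket()            # constructed local endpoint
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    policy = install(EgressPolicy([("127.0.0.1", None),
                                   ("*.internal.example", 443)]))
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=2):
            allowed_ok = True
        try:
            # TEST-NET-3 documentation address, constructed for the example
            socket.create_connection(("203.0.113.5", 80), timeout=2)
            blocked = False
        except EgressDenied:
            blocked = True
        return allowed_ok, blocked, list(policy.denied)
    finally:
        uninstall()
        listener.close()


if __name__ == "__main__":
    print(demo())
```

A hook like this is a CI and test-time aid: it surfaces a dependency that phones home during a build or test run, and the `denied` log tells you which one. It does not bind code that bypasses `socket.socket` (native extensions, subprocesses, `connect_ex`), so production enforcement still belongs at the network layer, with an egress firewall or proxy that only permits the destinations each workload needs.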