rs999gti 3 hours ago
> supply chain attacks

You all really need to stop using this term when it comes to OSS. Supply chain implies a relationship; none of these companies or developers have a relationship with the creators other than including their packages. Call it something like "free code attacks" or "hobbyist code attacks."
shermantanktop 3 hours ago | parent
“code I picked up off the side of the road”; “code I somehow took a dependency on when copying bits of someone’s package.json file”; “code which showed up in my lock file and I still don’t know how it got there”
pixl97 3 hours ago | parent
A supply chain can have hobbyists; there's no particular definition that says everyone involved must be a professional registered business.
__alexs 3 hours ago | parent
I know CrowdStrike have a pretty bad reputation, but calling them hobbyists is a bit rude.