| ▲ | philipwhiuk 4 hours ago | |
> > This is Microsoft’s second known breach over the past few weeks that has allowed hackers to compromise its open source projects, per Ars Technica. > I, like many others love to knock on Microslop when I can, but in this case they did the right thing. I've no idea what your problem with this sentence is. They have an organisational security problem, aided/demonstrated by lack of effort to effectively lockdown GitHub Actions and allowing MRs to circumvent CI/CD. That this is a Microsoft problem that was present pre-AI is not up for debate. See https://www.cisa.gov/sites/default/files/2025-03/CSRBReviewO... In the age of AI, it's now endemic and being weaponised. | ||
| ▲ | bilekas 3 hours ago | parent [-] | |
> That this is a Microsoft problem that was present pre-AI is not up for debate. See https://www.cisa.gov/sites/default/files/2025-03/CSRBReviewO... No argument from me, but what would you have them do in the immediate timeframe ? | ||