> how many cases like these we had so far?

As with clever, careful serial killers, it's tough to count the ones we haven't caught.

applfanboysbgon 2 hours ago | parent [-]

It's not that tough. You can get an idea by how many people are being murdered. A successful serial killer results in dead people, and a successful infiltration results in malware being executed. If there are no murdered people with unattributed causes of death, or there are no open-source projects with unattributed causes of malware being shipped, you can conclude there are roughly 0 active serial killers / infiltrators.

It's possible there are infiltrators who are still working on long-term infiltration and haven't yet attempted to add any malicious code anywhere, but the point is that in terms of actual attempts, we've seen a single one and it wasn't even successful despite years of prep.

▲

ceejayoz 2 hours ago | parent [-]

> You can get an idea by how many people are being murdered.

No, we can't, as that happens a lot via non-serial killers.

A truly successful serial killer is likely one who hides in that noise. No taunting the cops, distributed geographic locations, random methods, avoiding calling cards, and careful not to leave too many traces.

It seems likely that some of the 350k unsolved homicides in the US can be explained this way.

> It's possible there are infiltrators who are still working on long-term infiltration and haven't yet attempted to add any malicious code anywhere…

Or the code's already there, latent, as it would've been in the XZ case, which got discovered by chance and someone very dedicated to looking into a performance glitch.

	▲	2 hours ago \| parent [-]
		[deleted]