JavaScript developer destroys own projects in supply chain “lesson”
2022-01-11 19:54

If you were a user of either of those projects, and if you are inclined to accept any and all updates to your source code automatically without any sort of code review or testing.

We've written before about security holes suddenly showing up in numerous coding communities, including those of PHP programmers, Pythonistas, Ruby users, and NPM fans.

Software supply chain attacks typically involve poisonous, dangerous or otherwise deliberately modified content that infects your network or your development team indirectly, unlike a direct hack where attackers break into your network and mount a head-on assault.

We've already mentioned hypocrite commits, which were intended to remind us all that it's possible to inject malicious backdoor code under cover of two or more changes that don't introduce security holes on their own, but do create a vulnerability when they're combined.
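As an added illustration of that pattern (example code written for this page, not code from the article, from the hypocrite-commit research, or from any real project), here is a hypothetical settings-merging module and two changes to it. Each change on its own leaves the module safe; applied together they let a JSON request body pollute Object.prototype. The function names, the allow-list, and the request body are all assumptions made for the example.

```javascript
'use strict';
// Added example, not code from the article or from any real project: a
// "hypocrite commit" in JavaScript. Two changes that each look harmless in
// review combine into a prototype-pollution hole. All names are hypothetical
// and the request body below is constructed for the demonstration.

const ALLOWED_KEYS = ['theme', 'pageSize'];
const defaults = () => ({ theme: 'light', pageSize: 20 });

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Constructed attacker input, as it would arrive from JSON.parse on a request
// body. JSON.parse creates an *own* property literally named "__proto__".
function constructedRequestBody() {
  return JSON.parse('{"theme":"dark","__proto__":{"isAdmin":true}}');
}

// --- Original code: allow-list the keys, then merge one level deep. ---------
function pickAllowed(source) {
  const out = {};
  for (const key of ALLOWED_KEYS) {
    if (Object.prototype.hasOwnProperty.call(source, key)) out[key] = source[key];
  }
  return out;
}

// Object spread copies own properties as plain data properties, so a
// "__proto__" key becomes an ordinary own property and touches no prototype.
function mergeShallow(target, source) {
  return { ...target, ...source };
}

// --- Change 1: "support nested settings objects" (recursive merge). ---------
// Harmless on its own: pickAllowed() runs first, so "__proto__" never arrives.
function mergeDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      // For key "__proto__", target[key] is Object.prototype itself.
      mergeDeep(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// --- Change 2: "drop the allow-list, the schema layer validates now". --------
// Harmless on its own: mergeShallow() still cannot reach a prototype.

// The four states of the code base, one function each.
function buildSettingsOriginal(body) { return mergeShallow(defaults(), pickAllowed(body)); }
function buildSettingsAfterChange1(body) { return mergeDeep(defaults(), pickAllowed(body)); }
function buildSettingsAfterChange2(body) { return mergeShallow(defaults(), body); }
function buildSettingsAfterBoth(body) { return mergeDeep(defaults(), body); }

// Hardened form: a deep merge that refuses the keys able to reach a prototype,
// so the allow-list is no longer the only line of defence.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function mergeDeepSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      mergeDeepSafe(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}
function buildSettingsHardened(body) { return mergeDeepSafe(defaults(), body); }

// Runs one variant against the constructed body and reports whether a brand
// new empty object now inherits isAdmin, i.e. whether Object.prototype was
// polluted. Cleans up so later checks start from a clean prototype.
function pollutesGlobalPrototype(build) {
  try {
    build(constructedRequestBody());
    return ({}).isAdmin === true;
  } finally {
    delete Object.prototype.isAdmin;
  }
}

// Summary of all five states as { name: pollutes } for a stand-alone run.
function report() {
  const results = {};
  for (const [name, build] of [
    ['original', buildSettingsOriginal],
    ['change 1 only', buildSettingsAfterChange1],
    ['change 2 only', buildSettingsAfterChange2],
    ['both changes', buildSettingsAfterBoth],
    ['hardened', buildSettingsHardened],
  ]) {
    results[name] = pollutesGlobalPrototype(build);
  }
  return results;
}

console.log(report());
```

Reviewed one at a time, neither change reads as a security problem: the recursive merge is fed only allow-listed keys, and removing the allow-list still leaves a merge that cannot reach a prototype. The hole only exists in the combination, which is why a reviewer should diff the end state against the last known-good base rather than trusting that each individual pull request was checked, and why a deep merge should reject prototype-reaching keys itself rather than relying on an upstream filter that a later change can quietly remove.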

The code fragment quoted in the article:

    console.log('testing testing testing testing testing testing testing')


News URL

https://nakedsecurity.sophos.com/2022/01/11/javascript-developer-destroys-own-projects-in-supply-chain-lesson/