From 030beb714172cbe3572f0c3b06cc01ba999c48a2 Mon Sep 17 00:00:00 2001 From: ryan Date: Sun, 27 Jul 2025 11:46:46 -0400 Subject: [PATCH] fix typo and date --- _posts/2025-06-07-package-managers.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/_posts/2025-06-07-package-managers.md b/_posts/2025-06-07-package-managers.md index 278c804..d54f961 100644 --- a/_posts/2025-06-07-package-managers.md +++ b/_posts/2025-06-07-package-managers.md @@ -1,7 +1,7 @@ --- layout: post title: Package managers - malware delivery as a service -date: 2025-04-02 +date: 2025-06-07 --- Using third-party code, such as open source libraries has made it much easier to @@ -45,7 +45,7 @@ building while the backdoor is unguarded and wide open. SAST and monitoring will only reliably detect previously found vulnerabilities, as they are typically rule or behaviour based, and can often be circumvented because the attackers design their attacks to evade detection. The [SolarWinds attack](http://web.archive.org/web/20250226000211/https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/) -occured despite sophisticated monitoring and SAST systems at one of the leading +occurred despite sophisticated monitoring and SAST systems at one of the leading cybersecurity firms in the world. The nature of that compromise is such that full code review likely wouldn't have prevented the attack, reproducible builds would have (more on that another time), but the point is that there is an @@ -138,5 +138,3 @@ review them rather than assigning them cost of $0 as though they are free to use * Consider donating to maintainers of your most important third party dependencies, both for development, and to pay for security assessments. - -
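Review bot: the front-matter `date` change in the first hunk (2025-04-02 to 2025-06-07) brings the post date in line with the filename `_posts/2025-06-07-package-managers.md`, which is the right fix; if the site's permalink pattern includes the date, this also changes the post's URL, so check that no existing inbound links point at the old path or add a redirect for it.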
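Review bot: the "occured" to "occurred" correction in the second hunk is right; while touching that paragraph, the unchanged context line "full code review likely wouldn't have prevented the attack, reproducible builds would have" is a comma splice and reads better split, e.g. "wouldn't have prevented the attack; reproducible builds would have".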
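Review bot: the third hunk only strips two trailing blank lines at end of file, which the commit subject "fix typo and date" does not mention; either note the whitespace cleanup in the commit message or drop it from this change so the diff matches its description.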