Malicious code planted in xz Utils has been circulating for more than a month.| Ars Technica
Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in the OpenSSH server process.| securelist.com
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.| WIRED
Recently a security hole in a certain open source Java library resulted in a worldwide emergency kerfuffle as, say, 40% of the possibly hund...| apenwarr.ca
It works! I am now a full-time independent open-source maintainer. I'm announcing my first cohort of six clients, and sharing some details of how the model works.| Filippo Valsorda