GitHub Gist: star and fork thesamesam's gists by creating an account on GitHub.| Gist
Details are starting to emerge about a stunning supply chain attack that sent the open source software community reeling.| WIRED
Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as Fedora and Debian. Understand its impact, potential risks and what you can do about it.| www.sonatype.com
OpenSSF and Controlplane created, hosted and ran a tabletop exercise for Incident Responders in the format of a panellist discussion. Let’s have a look behind the scenes and uncover tips and tricks on how a security team can carry out a similar exercise.| control-plane.io
The past few days have seen the security world focused on the revelation of the xz/liblzma backdoor. For more background, see this early writeup of the issue, this GitHub Gist, this detailed timeline, and the official detail page for CVE-2024-3094.| blog.rubygems.org
Easter Egg in xz, GSoC 2024, Opportunity Open Source 2024?, CPDB Snap, PAPPL scanning, Snap automation, SpliX 2.0.1| OpenPrinting