Trojan Source bug
‘Trojan Source’ Makes Scary Headlines—But it’s Not New
Richi Jennings | | Clearly not an issue for real developers as its not like they would copy and paste code off stackoverflow, open source risk, SB Blogwatch, Software Supply Chains, Trojan Source bug
Trojan Source “threatens the security of all code,” screams a widely shared article. Poppycock. There’s nothing new here ...
Security Boulevard
‘Trojan Source’ Bug Threatens the Security of All Code
BrianKrebs | | Bidi override, Cambridge University, CVE-2021-42574, CVE-2021-42694, Johns Hopkins Information Security Institute, Latest Warnings, Matthew Green, Nicholas Weaver, Ross Anderson, rust, The Coming Storm, Time to Patch, Trojan Source bug, University of California Berkeley
Virtually all compilers -- programs that transform human-readable source code into computer-executable machine code -- are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software ...