March 21, 2025 at 12:00 am
Comments posted to this topic are about the item More Supply Chain Attacks
March 21, 2025 at 2:21 pm
For me this illustrates a behavioural problem I see throughout the supply chain. Lethargy.
We have to acknowledge that patching, both at the vendor and consumer end, takes time and money. Diagnosing and fixing an issue may be trivial or Herculean.
Under the hood the difference between internal and external software is that the external stuff is bought in. It is not guaranteed to be better written, follow best practice etc. If you saw the source code it would look as awful as the code you used to write.
I know of commercial applications that, when security scanned, will light up with faults that were considered severe when they were raised years ago.
March 23, 2025 at 2:54 pm
Thank you, Steve, for bringing this to our attention! I was not aware of this type of attack. I can see how it could happen. Where I work, they put TFS 2015 in place, I think in 2014 (before I was hired). Because of the ceremony involved in creating a new TFVC repo, it didn't happen often. And people had a tendency to delay pushing changes to their TFVC repos for months, thus commits (check-ins, in TFS terms) would be massive, and we didn't use anything like a code review process back then. It wasn't a good practice, but under the circumstances I can see why people did it.
Two years ago, we migrated our codebase to GitHub. However, old habits die hard. I understand why, but we've all got to learn best practices.
Kindest Regards, Rod
Connect with me on LinkedIn.