Michael Lieberman
mikeneeds.rest
Software supply chain security
Are brain worms contagious?
November 17, 2025 at 10:27 PM
Shellshock (software bug) - Wikipedia
en.m.wikipedia.org
September 23, 2025 at 11:35 AM
Seasonal allergies can cause eyelid twitching. I get it around spring and fall.
September 6, 2025 at 7:39 PM
Are some large enterprises acting like ignorant children? 🤔
June 22, 2025 at 11:15 PM
If I'm writing a personal project, I'm a little bit more flexible.

If I'm working on something for my employer, I'm looking at the risks. A sandbox research project is going to go through different scrutiny than something like an online banking application.
June 22, 2025 at 10:46 PM
I think the way Europe is looking at this with the CRA is also something to look at. Europe says in your example it's still the responsibility of the organization consuming the OSS to ensure it meets the regulation.
June 22, 2025 at 10:37 PM
Open source in and of itself is just code thrown out to the public with no warranty. Some of it is good, some bad. In your example, maybe I would look at a different project or buy it from a reputable organization instead of something with few maintainers.
June 22, 2025 at 10:35 PM
Yes, absolutely. People leave up all sorts of stuff. Unless you are purposefully misleading folks, it's up to the consumer to do some level of due diligence. I have worked at massive banks where there were policies in place to prevent including that sort of stuff.
June 22, 2025 at 9:58 PM
It is still the responsibility of the consumer. Full stop.
June 22, 2025 at 9:31 PM
I wonder how many people know you can install non-Python code via pip and the like? I know most package managers support some level of arbitrary downloading of static content, and most also have some level of arbitrary code execution on build/install.
May 15, 2025 at 1:57 PM