What can we learn about the backdooring of xz/liblzma, using OpenSSF Security Scorecards and dependency-management-data?

A look at how the recent CVE-2024-3094 vulnerability could provide insight into other cases of risk in dependencies and their lack of code review.