Front end just became a backdoor, and on the future of cyber attacks(vonwerk.com)
vonwerk.com
Front end just became a backdoor, and on the future of cyber attacks
https://vonwerk.com/blog/your-websites-frontent-just-became-a-backdoor-and-on-the-future-of-cyber-attacks
You pull in one library and suddenly you have a dependency tree of 500 sub-packages. That is a massive attack surface. It feels like we have given up on actually vetting code because it is physically impossible to audit that much stuff. We are basically just crossing our fingers that the maintainers 4 levels deep are doing their job