> It's even a truism now that computer defence against a well funded nation state is hopeless.

For some, it is still worthwhile to harden defenses against nation-state threat actors. Raising the cost for those nation-states is sufficient justification on its own.
For example, opaque binary distributions are more easily compromised than either source code distributions or verifiable reproducible builds. As an industry we should migrate away from opaque binaries, and major open source organizations should bear that in mind while designing their processes.