
I can't emphasize enough how much of a genuine issue this is, especially where package managers are being used in production environments or within CI/CD pipelines. There are enough publicized cases of Chinese CCP operatives gaining pull request access to key packages, and I'm sure many more get discovered that are covered up/not made public. Even just turnover of package ownership from reputable entities to lesser-known individuals is of course worrying.

As a SWE/EngMgr turned VC, I'm curious if there are startups or commercial companies providing some kind of assurance here (but also worried the $ TAM for solving this problem probably isn't enough to make it a standalone business).



> enough publicized cases of Chinese CCP operatives gaining

Like? Not doubting you, just not aware of multiple cases beyond the big near-miss earlier this year.


Also, for that case, I don't think we have any clue who the guy is. The name just doesn't mean anything. Or does anyone have a link to a formal trace to the origin?


It was a well organised operation. I don’t believe we’ll ever know. It likely wasn’t even one person.


Ah yes, the "bad guys".


Yeah, well, harvesting human organs (selling them to US customers) and maintaining death camps in 2024 is kind of "bad guys" for me. But, to each his own, I suppose.

https://www.ohchr.org/en/press-releases/2021/06/china-un-hum... https://theconversation.com/killing-prisoners-for-transplant... https://www.bbc.com/news/world-asia-china-54277430

Other than these small misdemeanours, they're saints! Doubly so on the internet. /s


So is aiding and actively supporting a genocide and celebrating a war criminal, so what is your point?


The U.S. also harvests the organs of dead prisoners without consent. This is well-documented. 2 Democratic senators even proposed a bill to "reduce sentences" by "donating" your organs.

The U.S. runs the world's most extensive biological weapons research program and firmly opposes any verification for the BWC to which the U.S. is a signatory. The Pentagon operates a ridiculous number of bio labs in other nations.

The U.S. NIH was indirectly responsible for Covid, thanks to sponsorship of gain-of-function research into bat coronaviruses via the EcoHealth Alliance, sponsorship of which was approved by good old "I represent Science" Dr Fauci. A massive and desperate cover-up operation was performed by the NIH here. Hell, there were e-mails sent to delete everything and deflect all inquiries.

The U.S. deliberately sponsors coups in nations across the world against leaders they don't like, as evidenced by declassified documents. The U.S. military budget is 7 times higher than that of China. Nearly a million people were killed directly and indirectly in Yemen thanks to good old American bombs.

Let's not even get into earlier acts - like Obama's "moderate rebels" in Syria who were busy chaining women in Aleppo and who devolved into ISIS after the Syrian army kicked them out and decided to conquer Iraq instead - all with the latest American weaponry in hand! (I strongly suggest speaking to a native Syrian who lived in Aleppo during that time to know about the horror)

Other than these very small misdemeanours, the U.S. is a saint! Doubly so on the internet. /s

