Hacker News

lapcat today at 1:23 AM

This comment seems a bit confused.

A supply chain attack doesn't directly attack an end developer but rather a supplier of the developer. So who or what is the supplier in this case?


Replies

emmelaich today at 2:00 AM

They don't build their own machines or write their compilers or write their own crypto code or ... so many other things.

LamaOfRuin today at 2:20 AM

That seems... not correct?

The comment was asking about preventing a compromised supplier for the developers.

A supply chain attack can be anywhere in the supply chain to the target. If I, the end user, am the target, then a supply chain attack compromising the developer of LittleSnitch is effective.

I may then be a conduit to compromising other software or components, and both I and LittleSnitch would be part of the supply chain that could be attacked targeting them.

hsbauauvhabzb today at 1:29 AM

This seems pedantic and I think you know what they’re questioning and why.
