It does happen occasionally, from time to time, but, because everything is gasp open source, it tends to get caught, identified, blocked/quarantined and then fixed considerably more rapidly, with decent fallback instructions/procedures in that interim period.
Also, you can basically describe the entire CrowdStrike fiasco as exactly this kind of upstream oopsie doopsie.
Doesn’t really matter in the big picture if it was intentionally malicious or not, when you Y2K 1/4 of the world’s computer systems.
CallMeAnAI@lemmy.world 3 days ago
Absolute opposite. The majority of successful attacks you see today are identity management and supply chain attacks. If you walk into any OCIO office supply chain will be a top 3 concern.
msage@programming.dev 3 days ago
I know of one successful supply chain attack in FOSS.
So still points for using it.
SheeEttin@lemmy.zip 2 days ago
AUR has had multiple Trojans just this week
msage@programming.dev 2 days ago
I’m sorry, Dave, but AUR does not count.
toothpaste_ostrich@feddit.nl 3 days ago
I… Don’t understand what you said here 🫤