Attack on SolarWinds could have been countered by reproducible builds
Justin Cappos
justincappos at gmail.com
Tue Dec 22 06:51:09 UTC 2020
On Tue, Dec 22, 2020 at 4:58 AM David A. Wheeler <dwheeler at dwheeler.com>
wrote:
>
>
> On Dec 21, 2020, at 1:58 PM, Santiago Torres-Arias <santiago at archlinux.org>
> wrote:
> I agree that we need more visibility on the reprobuilds aspect of this
> compromise.
>
>
> I don’t think it’s visible to *reporters* though.
>
Just to chime in here, I've been interviewed by a few journalists on the
topic (Yahoo Finance
<https://finance.yahoo.com/news/why-russias-massive-cyberattack-is-especially-insidious-222912267.html>,
Crains
<https://www.crainsnewyork.com/technology/no-evidence-city-was-cyberhacked-despite-work-breached-company>,
with more hopefully coming out). I mentioned repro builds, etc. to them
and really stressed it with verification as the solution but they just
didn't use this in their stories. I think the problem is that it's hard
enough to explain to a general audience where their story focus is more on
the problem and who might be behind it than any potential solution.

On another note, I would say this is an ideal time to engage the broader
academic / open source communities about reproducible builds. I started a
paper draft a few years ago
(https://github.com/JustinCappos/reproduciblebuildpaper), but there was a
loss of momentum. Perhaps it is time to consider brushing it off or
starting something new?

Thanks,
Justin