"Our delivery vehicle is FOSS"
Yeah right, FOSS is famous for just accepting pull requests with exploits from randos.
LGTM YOLO fuck it, ship it, move fast and break things — wait, that one isn't FOSS.
Anyway .
"Our delivery vehicle is FOSS"
Yeah right, FOSS is famous for just accepting pull requests with exploits from randos.
LGTM YOLO fuck it, ship it, move fast and break things — wait, that one isn't FOSS.
Anyway .
This absolutely does however happen in practice.
It’s a bit ironic in the sense that the EXACT logic of what you’re saying here is precisely what makes it such an ideal thing to target.
I think sometimes people put way too much faith into the concept of open source as being some kind of meaningful shield against attacks like this. Like absolutely nobody in an intel background for example who does stuff like this for a living would agree with you.
It only ever needs to look plausible and I don’t think it’s all that complicated a problem to come up with a reason as to why you’re introducing some code that is suddenly very focused on reading mouse sensor data.
>It only ever needs to look plausible and I don’t think it’s all that complicated a problem to come up with a reason as to why you’re introducing some code that is suddenly very focused on reading mouse sensor data.
....and then what?
Reading the data alone does nothing.
Sending that data to your own servers would be a harder thing to obfuscate.