Publications

“Free” as in Freedom to Protest?

Abstract

To kick-start the discussion, let’s first review some of the recent attacks. In the node-ipc case [1], a developer pushed an update that deliberately but stealthily included code that sabotaged the computers of the users who installed the updated component. Such an attack was selective: a DarkSide in reverse. If the computer’s Internet Protocol (IP) address was geolocated in Russia, the attack would be launched. Several days and a few million downloads later, the “spurious code” was actually noticed and investigated. Linus’s law on the many eyes eventually made the bug shallow [2], and the developer pulled back the changes.

Date: September 13, 2022
Authors: Fabio Massacci, Antonino Sabetta, Jelena Mirkovic, Toby Murray, Hamed Okhravi, Mohammad Mannan, Anderson Rocha, Eric Bodden, Daniel E Geer
Journal: IEEE Security & Privacy
Volume: 20
Issue: 5
Pages: 16-21
Publisher: IEEE