Ba-Dum Tish
Drum roll please... Continuing on the theme of being asked to pay no attention to the man behind the curtain we have an open source view of the SolarWinds debacle... Yes, the one that appears to have allowed 'state operatives' access to a significant part of the US Government's infrastructure as well as affecting other Fortune 500 companies like Microsoft... you know, the US company that NZ Govt agencies spend so many of our tax dollars on in spite of there being viable alternatives here in New Zealand.
As the article outlines, SolarWinds is another one of those companies that continue to try to sow fear and doubt about open source projects by implying that 'anyone can infect it with malicious code'... they forgot the 'try to' qualifier. Yes, anyone can review and contribute to open source, but it's not a free-for-all. Every project has a defined commit structure, and while there have been documented attempts to insert malicious code, they have usually been picked up... that is why they remain documented.
In the SolarWinds case, even though the malicious payload was only available for a 'few months', the breach itself obviously happened well before that... you don't develop targeted malware overnight, do you? Not only that, it was a third party that highlighted the issue. It wasn't even detected by SolarWinds, and here they are trying to reduce the harm by saying there were 'only' 18,000 downloads... eighteen thousand! A significant portion of the US Government as well as some of the world's largest companies are affected, and they're trying to minimise the issue...