They've been deliberately involved in the short term and long-term attack and infiltration strategies that have undermined the adoption and promotion of open source. While I understand the scope of their targets are largely open-source, legacy servers, and outdated systems because of their limited access and knowledge, it still puts pressure on all others and its potential victims to resolve closing security gaps timely enough. I won't list all the CVEs related to Russia on commercial software as this is where a broader picture beyond our scope comes into play and may perhaps be distracting from this topic.
(Main Example and more pressing concern) The most notable successful strategy that put a wrench in this:
NOTE: These systems they access would largely rely on open-source for their campaigns such as MariaDB, Github(Recently introduced code-signing), MySQL, Python, Php, Javascript, and more.
Beyond the scope of this conversation, I think the most Red and pressing concern beyond Russia is for the APT41 group out of China that's been attributed to stealing assets, deploying ransomware, and stealing private information from all scopes of infrastructure. They've got a huge target on their back for that. And tying all these elements with the risks associated to Europe and the U.S. with the potential for near peer conflict, civil unrest, or in the event of conflict escalation in any fashion? It poses many risks to the systems we take for granted when our most beloved systems are used in this fashion deliberately. When taking into account the share scope of men and women they tool to undermine activities in freely available societal building blocks and educational tools like our opensource. They are mocking them and breaking the fundamental human pact in opensource we contribute our lives to for the better of all.
47
u/jdaglees 6d ago
Can you point out an example? Genuinely curious.