Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects – Open Source Security Foundation (openssf.org)

submitted 1 week ago by Danterious@lemmy.dbzer0.com to c/opensource@lemmy.ml

3 comments fedilink hide all child comments

top 3 comments

sorted by: hot top controversial new old

[-] haui_lemmy@lemmy.giftedmc.com 4 points 1 week ago

If only we could do something to prevent that sort of thing… like making foss development an actual source of income for example!

[-] ___@lemm.ee 2 points 1 week ago

We need a security competition. Pick the winners and standardize them and solidify their versions a little once verified. Rerun every 2yrs

[-] theshatterstone54@feddit.uk 1 points 1 week ago

Github-associated emails

I hope this gets taken seriously by CISA and they are ntact Microsoft and the email providers to see what sort of information can be found out about these "individuals". I'm usually against tracking but in this case, it can help us understand more about the malicious actors, like, are their IPs coming from a certain state, or are they all isong a VPN, and if so, which one? And then, if applicable, getting in touch with the VPN provider and getting as much data as possible.

How about using that data to aid in investigations (as it jas beem done mamy times before)? I mean, imagine this turns out to be a state actor! We need to know what's happening. We need to know if these are connected. And this information can help predict their next move.

To quote Gandalf from the LOTR films (not sure if that quote is in the books):

"Send word to all our allies... The enemy's moving against us. We need to know where he will strike".

Also, first they tried to strike Linux systems, then they tried to strike the Web. What's next? If anyone has any ideas, feel free to share them here, as we can get an idea of what projects need to be more vigilant.