
While the attack was quickly spotted and developers were eventually able to mitigate the compromise, it isn’t known how many people may have been affected.
The attack illustrates the extent to which Big Tech relies on open-source software. Without the many contributions of open-source developers, Apple, Amazon, Google, Microsoft, and everyone else would need to invest vast sums in building more of the infrastructure of our digital world.
This leaves a big weakness in tech that sophisticated attackers certainly recognize: under-resourced open-source software, developers, and repositories are potentially vulnerable. After all, when you leave relatively small numbers of not terribly well-resourced volunteers to look after critical infrastructure, it gives attackers a very short list of potential targets.
