David A. Wheeler's Blog

Wed, 10 Apr 2019

Subversion of bootstrap-sass

A malicious backdoor has been found in the popular open source software library bootstrap-sass. Its impact was limited - but the next attack might not be. Thankfully, there are things we can learn and do to reduce those risks… but that requires people to think them through.

See my essay Subversion of boostrap-sass for more about that!

path: /oss | Current Weblog | permanent link to this entry