I'm really hoping this, and the last few weeks, are a tipping point toward taking supply chain security seriously.

Reply to I'm really hoping this, and the last few weeks, are a tipping point toward taking supply chain security seriously. on Wed, 20 May 2026 15:14:55 GMT

epic_null@infosec.exchange — Wed, 20 May 2026 15:14:55 GMT

@mttaggart Not that we know which one and can check our own extensions to make sure we aren't compromised. That would be too much to ask!

Reply to I'm really hoping this, and the last few weeks, are a tipping point toward taking supply chain security seriously. on Wed, 20 May 2026 12:56:44 GMT

mttaggart@infosec.exchange — Wed, 20 May 2026 12:56:44 GMT

@bovaz You know, I think the constant compromise of their repositories and credentials is something of a bother in and of itself

Reply to I'm really hoping this, and the last few weeks, are a tipping point toward taking supply chain security seriously. on Wed, 20 May 2026 09:49:03 GMT

bovaz@misskey.social — Wed, 20 May 2026 09:49:03 GMT

@mttaggart@infosec.exchange my fear is it's going to lead to more expensive and annoying policies from companies, bothering developers, so that compromised stuff is immediately deployed at company-scale.

Reply to I'm really hoping this, and the last few weeks, are a tipping point toward taking supply chain security seriously. on Wed, 20 May 2026 09:19:09 GMT

mk30@tilde.zone — Wed, 20 May 2026 09:19:09 GMT

@mttaggart @peter that github news seems bad!

Reply to I'm really hoping this, and the last few weeks, are a tipping point toward taking supply chain security seriously. on Wed, 20 May 2026 07:00:09 GMT

argv_minus_one@mastodon.sdf.org — Wed, 20 May 2026 07:00:09 GMT

@mttaggart

“Taking supply chain security seriously” involves laying off the productivity obsession and allowing programmers to remain calm, focused, and vigilant.

I don't think we're anywhere near that tipping point, unfortunately. Companies and politicians still think we can solve this problem with audits, regulations, and hoop jumping.

I discussed this in another thread earlier today: https://mastodon.sdf.org/@argv_minus_one/116602229559669722

Reply to I'm really hoping this, and the last few weeks, are a tipping point toward taking supply chain security seriously. on Wed, 20 May 2026 05:22:45 GMT

luxliquida@critter.cafe — Wed, 20 May 2026 05:22:45 GMT

@mttaggart I'm sure vibe coding will make securing the supply chain easier and not harder /s

Reply to I'm really hoping this, and the last few weeks, are a tipping point toward taking supply chain security seriously. on Wed, 20 May 2026 04:45:53 GMT

shadowfetchai@mastodon.social — Wed, 20 May 2026 04:45:53 GMT

@mttaggart Gives me the chills. As a solo dev, my entire livelihood is tied to the integrity of my toolchain, and there's only so much I can realistically audit myself.