Malicious xz backdoor reveals fragility of open source

This time, we got lucky. It mostly affected bleeding-edge distros. But that's not a defense strategy
Analysis The discovery last week of a backdoor in a widely used open source compression library called xz could have been a security disaster had it not been caught by luck and atypical curiosity about latency from a Microsoft engineer.…