Why you should care about the xz exploit

The greatest backdoor there never was: CVE-2024–3094

Photo by Claudio Schwarz on Unsplash

On Friday, March 29, 2024, Andres Freund rocked the open-source software (OSS) community, and, frankly, the entire software community by revealing that he had found a shocking backdoor in the xz compression utils. The Microsoft engineer goes into some detail about the steps he took to find the cause of the…