Now, in the long run, this is great. We have a lot of third parties burning tokens to help you find any possible exploitable flaws in your software. And once they’re fixed, any software you’re running is more secure and less likely to have issues. (…) In the short term, it’s gonna be rough.

Not a day goes by without us checking how the latest supply chain attack might impact us. It’s a hassle, but I’d rather focus on the long-term picture. I just wonder how long before the biggest and most popular OSS projects all get seriously breached and patched. Until then, we’ll have to adapt and make sure we’re ready to act fast. My company has an entire infosec team, so we can pivot and evolve, but for solo coders and hobbyists, things’ll get worse before they get better.

Source: metabase.com