summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLars Wirzenius <liw@liw.fi>2020-12-13 13:16:06 +0200
committerLars Wirzenius <liw@liw.fi>2020-12-13 13:16:06 +0200
commit7f8c0572310aa2994aafcf68dbcd3286a1925da9 (patch)
tree6fc664aeda07dfa7bad81ee365d08156d9297c8f
parentf039d822db63d46c772c85f44db36909656ebf05 (diff)
downloadcontractor2-7f8c0572310aa2994aafcf68dbcd3286a1925da9.tar.gz
doc: add link to an attack that has happned
-rw-r--r--contractor.md4
1 files changed, 4 insertions, 0 deletions
diff --git a/contractor.md b/contractor.md
index b441865..faa1795 100644
--- a/contractor.md
+++ b/contractor.md
@@ -83,6 +83,10 @@ The conclusion here is that to build software securely, we can't
assume all code involved in the build to be secure. We need something
more secure. The Contractor aims to be a possible solution.
+## Links to attacks
+
+* [Malicious npm package opens backdoors on programmers' computers](https://www.zdnet.com/article/malicious-npm-package-opens-backdoors-on-programmers-computers/)
+
## Threat model
This section collects a list of specific threats to consider.