doc: add link to an attack that has happned

author: Lars Wirzenius <liw@liw.fi> 2020-12-13 13:16:06 +0200
committer: Lars Wirzenius <liw@liw.fi> 2020-12-13 13:16:06 +0200
commit: 7f8c0572310aa2994aafcf68dbcd3286a1925da9 (patch)
tree: 6fc664aeda07dfa7bad81ee365d08156d9297c8f /contractor.md
parent: f039d822db63d46c772c85f44db36909656ebf05 (diff)
download: contractor2-7f8c0572310aa2994aafcf68dbcd3286a1925da9.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/contractor.md b/contractor.md
index b441865..faa1795 100644
--- a/contractor.md
+++ b/contractor.md
@@ -83,6 +83,10 @@ The conclusion here is that to build software securely, we can't
 assume all code involved in the build to be secure. We need something
 more secure. The Contractor aims to be a possible solution.
 
+## Links to attacks
+
+* [Malicious npm package opens backdoors on programmers' computers](https://www.zdnet.com/article/malicious-npm-package-opens-backdoors-on-programmers-computers/)
+
 ## Threat model
 
 This section collects a list of specific threats to consider.
author	Lars Wirzenius <liw@liw.fi>	2020-12-13 13:16:06 +0200
committer	Lars Wirzenius <liw@liw.fi>	2020-12-13 13:16:06 +0200
commit	7f8c0572310aa2994aafcf68dbcd3286a1925da9 (patch)
tree	6fc664aeda07dfa7bad81ee365d08156d9297c8f /contractor.md
parent	f039d822db63d46c772c85f44db36909656ebf05 (diff)
download	contractor2-7f8c0572310aa2994aafcf68dbcd3286a1925da9.tar.gz