by yogorenapan on 3/28/2024, 7:26:14 AM with 0 comments
Say there’s a project like the Linux kernel which accepts a high volume of patches from possibly malicious entities (e.g. Chinese companies). What are some common back doors or exploits they could try to hide within a block of legitimate changes? What are some ways to more easily spot them?