{"id":1151,"date":"2022-03-18T14:12:41","date_gmt":"2022-03-18T14:12:41","guid":{"rendered":"https:\/\/blog.dtc.ninja\/wp\/?p=1151"},"modified":"2022-03-18T15:59:14","modified_gmt":"2022-03-18T15:59:14","slug":"importance-of-source-code-management","status":"publish","type":"post","link":"https:\/\/blog.dtc.ninja\/wp\/2022\/03\/18\/importance-of-source-code-management\/","title":{"rendered":"Importance of Source Code Management"},"content":{"rendered":"\n<p>A thought on security risks associated with code inheritance and supply chain security risks<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>The article below highlights a very interesting risk associated with Source Code Management.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.theregister.com\/2022\/03\/18\/protestware_javascript_node_ipc\/?td=rt-3a\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.theregister.com\/2022\/03\/18\/protestware_javascript_node_ipc\/?td=rt-3a<\/a><\/p>\n\n\n\n<p>This is not the first time that a developer has&nbsp;<a href=\"https:\/\/www.theverge.com\/2022\/1\/9\/22874949\/developer-corrupts-open-source-libraries-projects-affected\" target=\"_blank\" rel=\"noreferrer noopener\">purposely made changes<\/a>&nbsp;to code that have caused issues with service availability and\/or data integrity.<\/p>\n\n\n\n<p>What sets these two incidents apart from supply-chain compromises such as the recent&nbsp;<a href=\"https:\/\/www.cisecurity.org\/solarwinds\" target=\"_blank\" rel=\"noreferrer noopener\">SolarWinds issue<\/a> is that, rather than a 3<sup>rd<\/sup>&nbsp;party compromising the source code used in a product, in both of the above cases it is the code owner themselves who purposely made destructive changes.<\/p>\n\n\n\n<p>Key to my message is the criticality of source code management, coupled with testing (e.g. automated regression testing as part of CI\/CD). It speaks strongly to the importance of careful analysis of code\/package inheritance, especially when working with open-source projects and code.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Fun Reading &#8230;<\/h1>\n\n\n\n<p>If you\u2019ve not read the following article \u2026 when you\u2019ve a few minutes and a nice fresh coffee \u2013 I\u2019d\u00a0<strong>strongly<\/strong>\u00a0(like my cheeky use of the HTML &lt;strong&gt; tag there?) recommend reading\u00a0<a href=\"https:\/\/users.ece.cmu.edu\/~ganger\/712.fall02\/papers\/p761-thompson.pdf\">https:\/\/users.ece.cmu.edu\/~ganger\/712.fall02\/papers\/p761-thompson.pdf<\/a><\/p>\n\n\n\n<p>Written in 1984, it resonates as strongly today as it did when I first read it in the late 80s \/ early 90s!<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Original Post<\/h1>\n\n\n\n<p>This post was originally authored on this blog;&nbsp;you can also see the corresponding LinkedIn article here &#8211; <a href=\"https:\/\/www.linkedin.com\/pulse\/importance-source-code-management-andrew-barnes\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.linkedin.com\/pulse\/importance-source-code-management-andrew-barnes<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A thought on security risks associated with code inheritance and supply chain security 
risks<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[23],"tags":[],"class_list":["post-1151","post","type-post","status-publish","format-standard","hentry","category-security"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9551p-iz","jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.dtc.ninja\/wp\/wp-json\/wp\/v2\/posts\/1151","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.dtc.ninja\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.dtc.ninja\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.dtc.ninja\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.dtc.ninja\/wp\/wp-json\/wp\/v2\/comments?post=1151"}],"version-history":[{"count":4,"href":"https:\/\/blog.dtc.ninja\/wp\/wp-json\/wp\/v2\/posts\/1151\/revisions"}],"predecessor-version":[{"id":1169,"href":"https:\/\/blog.dtc.ninja\/wp\/wp-json\/wp\/v2\/posts\/1151\/revisions\/1169"}],"wp:attachment":[{"href":"https:\/\/blog.dtc.ninja\/wp\/wp-json\/wp\/v2\/media?parent=1151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.dtc.ninja\/wp\/wp-json\/wp\/v2\/categories?post=1151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.dtc.ninja\/wp\/wp-json\/wp\/v2\/tags?post=1151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}