E-Ink News Daily

Don’t trust software, verify it

Daniel Stenberg, creator of curl, argues that software security must shift from trust-based to verification-based models. He outlines multiple attack vectors including malicious contributors, compromised credentials, and supply chain attacks that can infiltrate even well-established projects. The article emphasizes the importance of verifying software integrity at every level of the dependency chain rather than relying on trust in developers or projects.

Background

This article comes from Daniel Stenberg, the creator of the widely used curl command-line tool, following increased awareness of software supply chain attacks. The recent XZ Utils backdoor incident has heightened concerns about trust models in open source software.

Source: Lobsters
Published: Mar 26, 2026 at 10:17 PM
Score: 7.0 / 10