
Polyfill.io claims reveal new cracks in supply chain, but how deep do they go?

July 1, 2024

Libraries. Hushed temples to the civilizing power of knowledge, or launchpads of global destruction? Yep, another word tech has borrowed and debased. Code libraries are essential for adding just the right standard tested functionality to a project. They’re also a natural home for supply chain attacks that materialize malware in the heart of the enterprise like shock troops of Klingons arriving by transporter beam.

Last week saw a beaut. Polyfill.io, which serves 100,000-plus sites with JavaScript enhancements for older browsers, suddenly stood accused of poisoning its functions with malware and thus attacking all of those sites’ users. It wasn’t even believed to be the standard supply chain hack, where the bad guys get into an unsuspecting middleware peddler and plant the pathogens.
