XZ Utils Scare Exposes Hard Truths About Software Security

Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.

https://www.darkreading.com/application-security/xz-utils-scare-exposes-hard-truths-in-software-security