by yogorenapan on 3/28/24, 7:26 AM with 0 comments
Say there’s a project like the Linux kernel which accepts a high volume of patches from possibly malicious entities (e.g. Chinese companies). What are some common back doors or exploits they could try to hide within a block of legitimate changes? What are some ways to more easily spot them?