Microsoft: A 'Bad Actor' in the Software Supply Chain?

2025-09-17
This article revisits software supply chain security issues, from Internet Explorer to npm, arguing that Microsoft's insufficient efforts to secure npm have let malware run rampant and put software development companies at risk. The author points out that npm's postinstall scripts are a critical weak point, easily abused for attacks, while Microsoft, as the owner of npm, has taken little action. The result, the author argues, is that software development becomes less fun and more of a chore. The article calls for industry-wide efforts to build a secure software supply chain.
