2 Matching Annotations
  1. Apr 2026
  2. a16z.com a16z.com
    https://a16z.com/et-tu-agent-did-you-install-the-backdoor/
    2
    1. fxp007 16 Apr 2026
      The average application contains over 1,100 open source components. A bare-bones Next.js project installs 282 packages before you write a single line.

      令人惊讶的是:一个看似简单的Next.js项目在编写任何代码前就自动安装了282个包,而平均应用程序包含超过1,100个开源组件。这意味着开发者对自己使用的代码库了解极其有限,为供应链攻击创造了巨大机会。

      surprising dependency-graph fun-fact
    2. fxp007 09 Apr 2026
      a living attack surface that needs continuous monitoring.

      这一观点重塑了我们对软件供应链的认知模型。依赖图不再是静态的、可信任的组件清单,而是一个动态演化、充满变数的活体攻击面。这要求防御体系从周期性的静态审计转向实时的持续监控,在依赖引入的瞬间进行行为拦截,实现安全左移的终极形态。

      dependency-graph defense-strategy shift-left
    Visit annotations in context

    Tags

    Annotators

    URL

    a16z.com/et-tu-agent-did-you-install-the-backdoor/