Reblogged by slightlyoff@toot.cafe ("Alex Russell"):
molly0xfff@hachyderm.io ("Molly White") wrote:
Attachments:
- Second, the FTX Group failed to adopt certain standard controls in order to ensure the integrity of its code.[42] For example, there was no effective process for securely introducing, updating, or patching software, and no procedures, such as scanning, to continually ensure the integrity of the code running on FTX Group servers. Thus, among many other harms, the FTX Group was highly vulnerable to software “supply chain” attacks in which malicious actors insert vulnerabilities into third-party software in order to compromise any organization that uses the software.[43] Furthermore, with only minimal code review and testing procedures in place, and no focus on continuous security testing, the FTX Group did not review, test, or otherwise deploy its code in a manner that sufficiently ensured that it was functioning as expected and free of vulnerabilities that might be leveraged by malicious actors.