Unpopular opinion: It is reasonable to describe random crap by volunteers with no warranty as part of a "supply chain" if it turns out a business is inhaling the random crap into their product. If a company's supply chain was to get their office furniture by driving around and seeing if anyone was throwing out couches on garbage day, that would be a supply chain, it would just be an obviously foolish one
Wait I think I withdraw my above statement because "demand chain" / "software demand chain" is just too good
@mcc but notice that it also inverts some meanings: a healthy demand chain is _not_ a good thing :)
@mcc and the people making demands of that chain? We call them “chain yankers”.

@mcc "software demand chain attack" also works well

(it's a little "dragonball Z" but that may be an advantage)

@mcc Goldish Lookin Chain.
@mcc software alms race
@mcc it also works really well at exposing the attack surface and whose fault it is. "It's a demand chain vulnerability because you went out of your way to obtain code from some random unpaid unknown actor and run it within your machine. You moron"

@elrohir It's not like there are greater assurances provided if the code is written by some known actor who/that gets paid.

@mcc

@mkj @elrohir when i pay someone money i expect i get assurances in return
@mcc @mkj @elrohir Clearly that is not the industry norm these days...
@dalias @mcc @mkj @elrohir At least you have *some* influence on how much time the person spends to work on the project.
Not that this wouldn't still lead to the situation that companies ask for way more than they pay for.