<p>Thinking a lot about the <a href="https://mastodon.social/tags/xz" class="mention hashtag" rel="tag">#<span>xz</span></a> backdoor this week. Almost exactly 10 years ago, I wrote this about the <a href="https://mastodon.social/tags/Heartbleed" class="mention hashtag" rel="tag">#<span>Heartbleed</span></a> attack and how we should do more to support <a href="https://mastodon.social/tags/OSS" class="mention hashtag" rel="tag">#<span>OSS</span></a>, especially for important libraries. Sadly, almost all of what I wrote then is still relevant. <a href="https://web.archive.org/web/20140420132336/https://mashable.com/2014/04/14/heartbleed-open-source/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">web.archive.org/web/2014042013</span><span class="invisible">2336/https://mashable.com/2014/04/14/heartbleed-open-source/</span></a></p>