Will a supply chain attack akin to the xz backdoor targeting developer toolchains be discovered before 2025?
Resolved: NO (Jan 1)

Market resolves YES if a vulnerability/backdoor is intentionally introduced into an open source project used heavily by developers for the purpose of developing software, or if in my estimation it appears to directly target developer users. The market will resolve 12/31/24, so it must be discovered by then to qualify. Must be a project with at least 1k GitHub stars at the time of discovery.

Examples of projects I would consider part of developer toolchains under most circumstances (not an exhaustive list):

• homebrew (maybe arbitrary, but my assumption is that mostly developers use this)

• Linters/formatters

• LSPs

• Text editors and plugins, etc.

• AI code assistants

• Programming environment/version managers (pipenv, rbenv, nvm, etc.)

Examples of projects I would not consider in-scope under most circumstances:

• The Linux kernel

• curl

• OpenSSH

• General LLMs

• Most libraries that are simply imported into other software projects

