Malicious xz backdoor reveals fragility of open source

Analysis   The discovery last week of a backdoor in a widely used open source compression library called xz could have been a security disaster had it not been caught by luck and atypical curiosity about latency from a Microsoft engineer.

You can read the full article here.