Trojan Source Attacks
Some Vulnerabilities are InvisibleRather than inserting logical bugs, adversaries can attack the encoding of source code files to inject vulnerabilities.These adversarial encodings produce no visual artifacts.
trojansource.codes
只能說以後Coding Guidance真的要好好遵守了. 註解夾在Source Code裡面真的會造成安全性問題.
但最終的問題還是在於使用外部Library的時候要怎麼預防…真的難…
