Open Source is one person

(opensourcesecurity.io)
433 points LawnGnome | 9 comments
1. andersmurphy ◴[] No.45050365[source]
I find it more concerning that the DoD uses node.

I might be wrong, but npm etc. feels like a very large attack surface.

replies(3): >>45050940 #>>45051144 #>>45053066 #
2. ◴[] No.45050940[source]
3. lantry ◴[] No.45051144[source]
The DoD is a huge organization, so I'd guess they use almost everything.
replies(2): >>45051301 #>>45057920 #
4. kube-system ◴[] No.45051301[source]
> The DoD is a huge organization

That's an understatement if there ever was one.

https://en.wikipedia.org/wiki/List_of_largest_employers

replies(2): >>45053540 #>>45053697 #
5. dghlsakjg ◴[] No.45053066[source]
Why?

The DOD is one of the world's largest organizations. There are people there who do things like publish newsletters and put up webpages for people like boy scouts to arrange to tour bases. It is totally fine to use Node for things like that.

Those systems are not connected to the systems that fire missiles. If the sign up page for the 4th of July fireworks announcement gets vandalized, it isn't really an issue.

6. chamomeal ◴[] No.45053540{3}[source]
Woah that’s insane, I didn’t realize it was THAT big. And that’s not even counting the zillions of contractors and consultants. I live in the DC area and I know a ton of people who work for places that contract for the DOD, and only like 2 people who actually work there.
replies(1): >>45054028 #
7. ARandomerDude ◴[] No.45053697{3}[source]
I think I'm even more amazed that Walmart has almost as many employees as the DoD.
8. spott ◴[] No.45054028{4}[source]
That is including all US military personnel, which puts it into perspective a bit.
9. tracker1 ◴[] No.45057920[source]
There's a reason it's the largest budget item outside entitlements. There's a lot of money flowing into DoD (and Military Industrial Complex vendors).