While the “Trojan Source” vulnerabilities
have, thus far, generated far more publicity than examples of actual
exploits, addressing the problem still seems like a good thing to do.
There are several places where defenses could be put into place; text
editors, being the place where developers look at a lot of code, are one
obvious example. The discussion of how to enhance Emacs in this regard has
made it clear, though, that there are multiple opinions about how an editor
should flag potential attacks.
もっと詳しく