Forum Discussion

sspaus
Occasional Contributor
1 month ago

Bitwarden CLI Compromise

The thing that really worries me nowadays about using my computer is supply-chain attacks. I have used computers since Windows 3.1 in the 1990s (currently MacBook Pro M1) and have always been safe and sensible when using / running software.

However, these supply chain attacks are extremely concerning for me because I can now get infected by something no matter how safe I am... AND when downloading software from official sources.

I know that 1Password is designed very well from the blog posts and articles I've read from the company over the years. However, I'm very nervous downloading / updating / running ANY software now.

As LastPass has been hacked multiple times in the past, and now Bitwarden, it would be good if someone from 1Password could write something to address this changing threat landscape.

2 Replies

Replies have been turned off for this discussion
  • AJCxZ0
    Silver Expert
    sspaus wrote:

    these supply chain attacks are extremely concerning for me because I can now get infected by something no matter how safe I am... AND when downloading software from official sources.

    While supply chain attacks are not new, the increased size, number and complexity of components which are involved in creating software have made this a more challenging problem.

    As with every other category of vulnerability which might affect us, the concern is not that such categories of vulnerabilities exist, or even what vulnerabilities exist, but how software providers respond to them when they are found. This has just become even more critical as the tools for finding vulnerabilities just gained superpowers.

    While not authorised to do so, I'll answer for 1Password: we take security seriously. They could do better with transparency.

    What we end users can and should do remains unchanged: choose good software, keep it up-to-date, learn how to use it well, and maintain good hygiene.

  • Pleonasm
    Super Contributor

    While no security product provides perfect protection, the use of an enterprise-class product on a personal machine reduces risk as compared to a consumer-grade product. Personally, I use GravityZone by Bitdefender on an iMac at home.