There is only one solution that stands any chance of being effective: to bolster massively the support that open source maintainers receive.
Yeah good luck with that.
They need to be properly financed so as to enable them to create broad teams with the human and technical resources to spot and fight LLM attacks of the kind that will come.
Even more luck with that. Companies (and governments) typically take much MUCH more than they give. When they give, it's only because it's in their own interests. One could argue this is in their interest, but middle and upper managers deciding these things typically are shortsighted to the point where they won't be able to understand the threat, the required investment, and the gains.
The sums required are trivial compared to the trillions of dollars of value created by open source software, selfishly used without payment by governments and companies alike.
Basically what I just said. Investments versus gains is crazy yet most companies won't be able to see this as the only thing they care about is their own bottom line.
They are also tiny compared to the losses that would be incurred by those same governments and companies around the world if such LLM attacks succeed in subverting key software elements.
Most managers won't care about this, instead hoping this will happen only after they've left with their bonusses
What’s frustrating is that this problem has been raised time and time again, and yet little has been done to address it.
This. This is exactly the result of what I'm saying
The xz Utils hack should be the digital world’s final wake-up call to tackle this core vulnerability of the open source world before it is too late.
You'd think so, yeah.
What we need is government support. We need governments to step up and give financial support to open source developers. Again, won't happen because Microsoft gives nice enough contracts to governments to focus on just that single US provider who totally won't fuck us over when the US government wants it