From 27eb14212717780ca1d5e3ac9f5b09157f2e7692 Mon Sep 17 00:00:00 2001 From: himazawa <73994521+himazawa@users.noreply.github.com> Date: Sun, 31 Mar 2024 10:29:19 +0200 Subject: [PATCH] post: added chapter on recursive checks --- content/posts/xz-backdoor/index.en.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/posts/xz-backdoor/index.en.md b/content/posts/xz-backdoor/index.en.md index c6053eb..d5c2a41 100644 --- a/content/posts/xz-backdoor/index.en.md +++ b/content/posts/xz-backdoor/index.en.md @@ -150,6 +150,8 @@ Also take in considerations that we are humans, and we make errors. Passing a co ### Enterprise vs Individual This is a controversial topic because there are projects that are maintained by individuals that are well structured but usually relying on (large) enterprise projects will ensure their SDLC best practices are followed, money are keeping the project alive, and a big company is less likely to go all in and backdoor their project on purpose. Again, this just increases the probablity, don't take it for granted ;) +### Recursive controls +The project you are including will probably also have dependencies, make sure the same scrutiny is applied by the project maintainers on their supply chain to avoid indirect compromission. ## Resources
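Review bot: the new "Recursive controls" paragraph is a single run-on sentence and uses "compromission", which is not an English word; suggest splitting it and using "compromise", e.g. "The project you are including will probably also have dependencies of its own. Make sure its maintainers apply the same scrutiny to their supply chain, otherwise you can be compromised indirectly through a transitive dependency." The heading also drifts from the commit subject, which calls this "recursive checks"; picking one term (the body of the post talks about the checks a user applies, so "Recursive checks" fits better) keeps the section consistent with the rest of the page. Finally, "make sure the same scrutiny is applied" is not actionable as written: one sentence telling the reader how to enumerate the transitive dependencies they are actually pulling in (the project's lock file or a generated dependency list) would turn the advice into a check they can run, in the same spirit as the practical steps in the preceding sections.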