update description

Signed-off-by: Tom Hennen <tomhennen@google.com>
slsa-framework · Oct 17, 2024 · 2462a5c · 2462a5c
1 parent 53e6650
commit 2462a5c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/docs/spec/draft/threats-overview.md b/docs/spec/draft/threats-overview.md
@@ -53,7 +53,7 @@ Many recent high-profile attacks were consequences of supply chain integrity vul
 <td>A
 <td>Producer
 <td><a href="https://en.wikipedia.org/wiki/XZ_Utils_backdoor">XZ Utils Backdoor</a>: A maintainer intentionally inserted malicious behavior into a legitimate package.
-<td>SLSA does not address this threat.
+<td>SLSA does not directly address this threat, but in open source software it could make it easier to discover by forcing malicious behavior into the publicly available source code.
 <tr>
 <td>B
 <td>Authoring & reviewing