I am tremendously naive to infosec and security in general, but I can predict that the big companies have measures in place to mitigate these risks. Containerization seems like it could help limit the scope of the damage, but the popular containers seem like they are more at risk (usually downloading the latest releases) to encounter these attacks.
What is the likelihood that some actors (state-sponsored or otherwise) could bring down some major systems? Not Google/Facebook/Visa/Netflix major, but widespread across many smaller platforms.
Blackhats and Whitehats out there must be collecting information on:
- Which dependencies/libraries could be targeted
- Which authors/publishers are vulnerable (regarding password safety, lib deployment mechanisms, ...)
- Which systems/libs to compromise to affect classes of targets
I feel like this is a likely cyber attack vector over the next 10 years. How haven't there been more of these that are successful? Is someone building the intelligence in preparation for attacking? Are these systems actually secure (if you successfully avoid malicious users)?