Links with details on the attack and aftermath:
- https://www.openwall.com/lists/oss-security/2024/03/29/4 – initial public mail to oss-security by Andres Freund.
- https://tukaani.org/xz-backdoor/ – info page by Lasse Collin, the XZ maintainer.
- https://research.swtch.com/xz-timeline – a timeline of the attack by Russ Cox (including a list of additional links: https://research.swtch.com/xz-timeline#further_reading)
- https://research.swtch.com/xz-script – a detailed analysis by Russ Cox.
- https://marc.info/?l=openbsd-misc&m=171227941117852&w=2 – a shorter analysis by Christian Weisgerber, the OpenBSD XZ port maintainer.
- https://securelist.com/xz-backdoor-story-part-1/112354/ – an analysis in Kaspersky's SecureList blog.
- https://www.youtube.com/watch?v=Q6ovtLdSbEA – "Deep Dive into XZ Utils Backdoor - Columbia Engineering, Advanced Systems Programming Guest Lecture"