In a reminder that open source products can carry significant risks beyond intellectual property, a vulnerability in a compression tool commonly used by developers has triggered widespread concerns. 

XZ Utils (“XZ”) is an open source data compression utility, first published in 2009, and widely used in Linux and macOS systems. The tool is primarily used