5 Ways Your Software Supply Chain is Out to Get You, Part 5: Hostile Takeover
We have come to the fifth and last part of this blog series on software supply chain attacks. Previously, we discussed four notorious supply chain attack methods, Vendor Compromise, Exploit Third Party Applications, Exploit Open Source Libraries, and Dependency Confusion and provided insight into how these methods are threatening software ... Read More
5 Ways Your Software Supply Chain is Out to Get You, Part 4: Dependency Confusion
Previously, we discussed how three kinds of supply chain attack methods, Vendor Compromise, Exploit Third Party Applications, and Exploit Open Source Libraries are threatening software supply chains, passing risk downstream to the organizations and users that trust and depend on them. In this fourth installment, we explain the concept of ... Read More
5 Ways Your Software Supply Chain is Out to Get You, Part 3: Exploit Open Source Libraries
In previous posts, we explained how two kinds of supply chain attack methods, Vendor Compromise and Exploit Third Party Applications, are threatening software supply chains, transferring an extraordinary amount of risk downstream to the organizations and users that trust and depend on them. In the third part of this series, ... Read More
5 Ways Your Software Supply Chain is Out to Get You, Part 2: Exploit Third Party Applications
In Part 1 of this series, we explained how and why our software supply chain transfers an extraordinary amount of risk downstream to the organizations and users that trust and depend on it. We also presented evidence suggesting that 2021 may well be the year of the Software Supply Chain ... Read More
5 Ways Your Software Supply Chain is Out to Get You, Part 1: Vendor Compromise
Is 2021 the year of the software supply chain attack? In late 2020, an incredible story broke: US government agencies, including Commerce, Treasury, and Homeland Security, had been severely compromised through a malicious backdoor surreptitiously implanted into network management software supplied by a trusted vendor, SolarWinds. Weeks later, tens of ... Read More