
5 Ways Your Software Supply Chain is Out to Get You, Part 5: Hostile Takeover

We have come to the fifth and last part of this blog series on software supply chain attacks. Previously, we discussed four notorious supply chain attack methods, Vendor Compromise, Exploit Third Party Applications, Exploit Open Source Libraries, and Dependency Confusion, and provided insight into how these methods are threatening software ...

5 Ways Your Software Supply Chain is Out to Get You, Part 4: Dependency Confusion

Previously, we discussed how three kinds of supply chain attack methods, Vendor Compromise, Exploit Third Party Applications, and Exploit Open Source Libraries, are threatening software supply chains, passing risk downstream to the organizations and users that trust and depend on them. In this fourth installment, we explain the concept of ...

5 Ways Your Software Supply Chain is Out to Get You, Part 3: Exploit Open Source Libraries

In previous posts, we explained how two kinds of supply chain attack methods, Vendor Compromise and Exploit Third Party Applications, are threatening software supply chains, transferring an extraordinary amount of risk downstream to the organizations and users that trust and depend on them. In the third part of this series, ...

5 Ways Your Software Supply Chain is Out to Get You, Part 2: Exploit Third Party Applications

In Part 1 of this series, we explained how and why our software supply chain transfers an extraordinary amount of risk downstream to the organizations and users that trust and depend on it. We also presented evidence suggesting that 2021 may well be the year of the Software Supply Chain ...

5 Ways Your Software Supply Chain is Out to Get You, Part 1: Vendor Compromise

Is 2021 the year of the software supply chain attack? In late 2020, an incredible story broke: US government agencies, including Commerce, Treasury, and Homeland Security, had been severely compromised through a malicious backdoor surreptitiously implanted into network management software supplied by a trusted vendor, SolarWinds. Weeks later, tens of ...