An Analysis of Software Supply Chain Attacks

We want rich functionality, which means complex software, and that software is too complex to test exhaustively. The scale is also such that no single author can write all of it, or understand every tool they import in enough detail to be sure there are no flaws. As a result, the software vendor cannot be sure the end result is free of undesirable backdoor functionality. This is not necessarily a big problem, because any attack introduced in this way has to be targeted or coordinated, but systems are opening up more and more, which leaves more room for this kind of attack.
