An Analysis of Software Supply Chain Attacks – Part Two

To avoid backdoors being introduced unknowingly, the software production process needs to be closely controlled. The software must be written, built and tested by its authors, with no opportunity for an outside party to alter any step. In practice this means managing the whole process through a repository that holds every artefact relating to software production: source code, test data, build scripts and the resulting builds. Each build is uniquely identified, and the repository records everything needed to trace it backwards: which source it was built from, how it was built and what testing it received. Equally, when a source artefact changes, the repository identifies the user responsible, so an unexpected modification can be attributed and investigated. This only holds if the repository itself is trustworthy: the traceability it provides is no better than its access control and the integrity of its history.
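The following is an added example, not code from the original article, showing the traceability described above in working form: a build manifest that ties a build ID to digests of every source file, test file and build script it was produced from, and a verification step that re-hashes the tree and names exactly which artefact changed. The sample repository contents and the committer name are constructed for the example; a real system would take the committer from the version control history rather than from a parameter.

```python
"""Build provenance manifest: record what a build was made from, then detect
and attribute any later change to those inputs. Added example; the sample
repository below is constructed and is not from the article."""
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed sample repository: source, test data and build script.
SAMPLE_REPO = {
    "src/app.py": "def main():\n    print('hello')\n",
    "tests/test_app.py": "def test_main():\n    assert True\n",
    "build.sh": "#!/bin/sh\nmkdir -p dist && cp src/app.py dist/app.py\n",
}


def file_sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_digests(root: Path) -> dict:
    """Digest of every regular file under root, keyed by POSIX relative path."""
    return {p.relative_to(root).as_posix(): file_sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def tree_root_hash(digests: dict) -> str:
    """One digest over the sorted (path, hash) pairs: a change to any file,
    or an added or removed file, changes this value."""
    h = hashlib.sha256()
    for path in sorted(digests):
        h.update(f"{path}\0{digests[path]}\n".encode())
    return h.hexdigest()


def make_manifest(root: Path, committer: str, output: bytes) -> dict:
    """Record what a build was made from. The build ID is derived from the
    inputs and the output, so identical inputs give the same ID and a
    tampered input cannot keep the old one."""
    digests = tree_digests(root)
    root_hash = tree_root_hash(digests)
    output_hash = hashlib.sha256(output).hexdigest()
    build_id = hashlib.sha256(f"{root_hash}:{output_hash}".encode()).hexdigest()[:16]
    return {
        "build_id": build_id,
        "source_root_hash": root_hash,
        "files": digests,          # source, test data and build scripts
        "output_sha256": output_hash,
        "committer": committer,    # hypothetical; a real system reads this from the VCS
    }


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Re-hash the tree and report what differs from the recorded manifest."""
    now = tree_digests(root)
    then = manifest["files"]
    return {
        "modified": sorted(p for p in then if p in now and now[p] != then[p]),
        "added": sorted(set(now) - set(then)),
        "removed": sorted(set(then) - set(now)),
        "root_hash_ok": tree_root_hash(now) == manifest["source_root_hash"],
    }


def write_repo(root: Path, files: dict) -> None:
    for rel, text in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(text)


def demo() -> dict:
    """Build a manifest for the sample repo, then plant an unauthorised change
    in the build script and show that verification pins it to that file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        write_repo(root, SAMPLE_REPO)
        output = (root / "src/app.py").read_bytes()  # stand-in for the built artefact
        manifest = make_manifest(root, "alice", output)
        clean = verify_manifest(root, manifest)
        # An extra command appears in the build script after the build was recorded.
        (root / "build.sh").write_text(SAMPLE_REPO["build.sh"] + "echo injected >> dist/app.py\n")
        tampered = verify_manifest(root, manifest)
        return {"manifest": manifest, "clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the script prints the manifest, a clean verification, and a second verification that lists `build.sh` as modified with the root hash no longer matching. The manifest is what the repository keeps alongside each build; the "who" of a change comes from the version control log, which the example only stands in for with the hypothetical `committer` field.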
