Supply Chain Threats - Software

Supply chain attacks have increased significantly in both quantity and severity over the last few years. These attacks have resulted in varying levels of impact on companies, from minimal to catastrophic. Such attacks have targeted both hardware and software products as attackers attempt to leverage any avenue possible to disrupt or compromise the integrity of these products. Protection of the software supply chain is critical both to the validation of software solutions and to the prevention of malicious alterations to otherwise legitimate code. The purpose of this document is to provide an outline of the software supply chain and the most critical attack points that need to be considered in order to mitigate the associated attacks. This document should be used as a reference for organizations to assess their own mitigations and generate a prioritized plan for mitigating as many issues as possible.