Software Supply Chain Security

  • Why is there so much interest in it?
    • SolarWinds: Russian intelligence services implanted malware into its build.
    • The Log4Shell vulnerabilities.
  • Strengths of this perspective
    • Matches the zeitgeist of high-profile attacks.
    • Does reflect a genuine, growing trend of relying on third-party code.
    • Venture capitalists share this perspective.
  • Limits of this perspective
    • Such attacks started over 20 years ago.
    • The OWASP Top 10 has listed "outdated components" for a long time.
    • How significant is this risk, really?