Journey to the Center of Software Supply Chain Attacks

04/11/2023

∙

This work discusses open-source software supply chain attacks and proposes a general taxonomy describing how attackers conduct them. We then provide a list of safeguards to mitigate such attacks. We present our tool "Risk Explorer for Software Supply Chains" to explore such information and we discuss its industrial use-cases.

READ FULL TEXT

Journey to the Center of Software Supply Chain Attacks

Taxonomy of Attacks on Open-Source Software Supply Chains

Software supply chain: review of attacks, risk assessment strategies and security controls

Building a Secure Software Supply Chain with GNU Guix

Preventing or Mitigating Adversarial Supply Chain Attacks; a legal analysis

What is Software Supply Chain Security?

Contrasting global approaches for identifying and managing cybersecurity risks in supply chains

A Systems Approach to Achieving the Benefits of Artificial Intelligence in UK Defence

Journey to the Center of Software Supply Chain Attacks

Related Research

Taxonomy of Attacks on Open-Source Software Supply Chains

Software supply chain: review of attacks, risk assessment strategies and security controls

Building a Secure Software Supply Chain with GNU Guix

Preventing or Mitigating Adversarial Supply Chain Attacks; a legal analysis

What is Software Supply Chain Security?

Contrasting global approaches for identifying and managing cybersecurity risks in supply chains

A Systems Approach to Achieving the Benefits of Artificial Intelligence in UK Defence