Software Supply-Chain Attacks
What are software supply-chain attacks?
Software supply-chain attacks seek to infiltrate upstream software providers, often targeting “obscure but essential” software with admin and network access, in order to install backdoors. Depending on how widely used the targeted software is, an upstream attack can cascade to thousands of systems and enterprises. Upstream attacks pose a particular challenge to organizations that aren’t going to build their own software and don’t have effective measures in place to manage counterparty risk.