CIO priority: Software Supply Chain Security
Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021. (Source: "The new CIO security priority: Your software supply chain", CIO.)
Recent cyber-attacks like SolarWinds, CodeCov, and Kaseya have brought the Software Supply chain security
What is a supply chain?
A supply chain is the combination of the ecosystem of resources needed to design, develop and deploy a product. In cybersecurity, a supply chain includes hardware and software, open-source components
Modern software development has made the software supply chain more complex than it was only a few years ago. There are multiple reasons for this growing complexity:
Software supply chain attacks
In a software supply chain attack, attackers use malicious code to compromise an "upstream" component in the chain with the end goal of compromising the target of the attack: the "downstream" component. Compromising the upstream component is not the end goal; it merely opens a window of opportunity for the attackers to compromise the target of the attack, for example by inserting malware or providing a backdoor for future access.

[Figure: diagram of the software supply chain. Labels: Source Integrity, Build Integrity. Components shown: Developer, Source, SCM, Build, CI/CD, Build Process, Platform, Package, Dependency, Artifact, Distribution, Use.]

Any one of the links making up the software supply chain can be compromised. Indeed, there are as many possible supply chain targets as there are types of software. But current research highlights three main targets: dependencies, pipelines, and the combination of the two: pipeline dependencies.
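The dependency and artifact links in the chain above are the ones a build consumes without a human looking at them again, so one concrete control is to pin each reviewed artifact to its digest and refuse anything that no longer matches or was never pinned. The following Python is an added example written for this article, not code from the article or from any of its sources; the package names, file contents and digests are constructed for illustration, and the "lockfile" here is a plain dictionary standing in for whatever manifest format a real build system uses.

```python
"""Added example (not code from the article): verifying fetched dependency
artifacts against SHA-256 digests pinned at review time, so that a tampered
or unreviewed artifact is reported before the build uses it.
All package names, contents and digests below are constructed for illustration."""
import hashlib
import hmac
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(reviewed: Dict[str, bytes]) -> Dict[str, str]:
    """Pin each reviewed artifact to its digest (the trusted 'lockfile')."""
    return {name: sha256_hex(data) for name, data in reviewed.items()}


def verify_artifacts(manifest: Dict[str, str], fetched: Dict[str, bytes]) -> List[str]:
    """Compare what was fetched against the pinned manifest.

    Returns a list of findings; an empty list means every pinned artifact was
    fetched and matches its digest, and nothing unpinned slipped in.
    """
    findings: List[str] = []
    for name, expected in manifest.items():
        data = fetched.get(name)
        if data is None:
            findings.append(f"{name}: pinned but missing from fetch")
            continue
        actual = sha256_hex(data)
        # compare_digest gives a constant-time comparison of the two hex strings
        if not hmac.compare_digest(actual, expected):
            findings.append(
                f"{name}: digest mismatch (expected {expected[:12]}..., got {actual[:12]}...)"
            )
    for name in fetched:
        if name not in manifest:
            findings.append(f"{name}: fetched but not pinned (unreviewed dependency)")
    return findings


# Constructed artifacts as they looked when a developer reviewed and pinned them.
REVIEWED_ARTIFACTS: Dict[str, bytes] = {
    "example-utils-1.4.2.tar.gz": b"def helper():\n    return 42\n",
    "build-helper-2.3.1.whl": b"def run_build():\n    pass\n",
}
MANIFEST: Dict[str, str] = build_manifest(REVIEWED_ARTIFACTS)

# Constructed "later fetch" from the registry: one artifact altered upstream
# after it was reviewed, plus one extra artifact that nobody reviewed.
TAMPERED_FETCH: Dict[str, bytes] = {
    "example-utils-1.4.2.tar.gz": REVIEWED_ARTIFACTS["example-utils-1.4.2.tar.gz"],
    "build-helper-2.3.1.whl": b"def run_build():\n    pass\n# altered after review\n",
    "transitive-dep-0.0.9.whl": b"print('hello')\n",
}


def demo() -> List[str]:
    """Run the check on the tampered fetch and return the findings."""
    return verify_artifacts(MANIFEST, TAMPERED_FETCH)


if __name__ == "__main__":
    for finding in demo():
        print("FAIL", finding)
    print("clean fetch passes:", verify_artifacts(MANIFEST, REVIEWED_ARTIFACTS) == [])
```

Run on the constructed fetch, the check reports the altered build helper and the unpinned transitive dependency, and passes the unmodified set; the same digest comparison is what a signed manifest or an SBOM-backed policy gate would perform at the build step.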
References for further reading:
Gen AI Expert | AI in Cyber Security | Cloud Security | Cyber Security (1 year ago):
A few readers asked about the major attacks that happened on the software supply chain, especially in the last 2 years. In the next article I am planning to focus more on this. Please write your feedback and suggestions in the comments and collaborate to make it more interactive. We are all here to learn from each other's experience.
Gen AI Expert | AI in Cyber Security | Cloud Security | Cyber Security (1 year ago):
In this introductory post, research from different sources has been used for reference. Moving forward, the discussion will be narrowed down to specific use cases and their solutions. Let us start exploring and talking about DevSecOps, Security as Code, and Software Supply Chain Security.