Thursday, March 14, 2019

Software Supply Chain Attack: modern software applications, such as websites or mobile phone apps, are built using complex supply chains of third-party libraries or open source components, and the attack occurs when those components are compromised.



No wonder #9 in the OWASP Top 10 is "Using Components with Known Vulnerabilities".

In supply chain attacks, attackers leverage trusted third-party vendors to deliver malware to unsuspecting customers by inserting it into third-party code.

Through the supply chain, threat actors can reach a wide range of organizations, because the same third-party code is used by so many software engineers across all industries.

Furthermore, there is no good way to partition third-party libraries or code from your organization’s in-house code. As a result, it all runs with the same privileges.

https://blog.checkpoint.com/2019/03/13/mobile-supply-chain-attacks-are-more-than-just-an-annoyance/
