Narrowing the Software Supply Chain Attack Vectors: The SSDF Is Wonderful but not Enough
- Resource Type
- Periodical
- Authors
- Williams, L.
- Source
- IEEE Security & Privacy (IEEE Secur. Privacy), 22(2):4-7, Apr. 2024
- Subject
- Computing and Processing
Aerospace
Bioengineering
Components, Circuits, Devices and Systems
Engineered Materials, Dielectrics and Plasmas
Engineering Profession
Fields, Waves and Electromagnetics
General Topics for Engineers
Nuclear Engineering
Robotics and Control Systems
Signal Processing and Analysis
Transportation
Communication, Networking and Broadcast Technologies
Photonics and Electrooptics
Power, Energy and Industry Applications
- Language
- ISSN
- 1540-7993
1558-4046
Recent years have seen an increase in cyberattacks that target less secure elements in the software supply chain and cause fatal damage to businesses and organizations. Well-known past examples of software supply chain attacks are the SolarWinds and Log4j incidents, which affected thousands of customers and businesses. In 2023, Sonatype¹ reported the detection of 245,000 malicious packages, double the number of malicious packages discovered in 2019–2022 combined.