Deliver Uncompromised: Securing Critical Software Supply Chains. Proposal to Establish an End-to-End Framework for Software Supply Chain Integrity
Abstract
In 2017, the United States (U.S.) Office of the Director of National Intelligence (ODNI) released a short paper depicting the vast threat from software supply chain attacks. A software supply chain attack is defined as the compromise of software code through cyberattacks, insider threats, or other close-access activities at any phase of the supply chain to infect an unsuspecting customer. ODNI recognized that: "Hackers are circumventing traditional cyber defenses to compromise software and delivery processes to enable successful, rewarding and stealthy methods to subvert large numbers of computers through a single attack. Cyber experts predicted the use of this attack vector because (1) many software development and distribution channels lack proper cyber and process protections, and (2) other cyberattack paths become less optimal as system owners improve the overall cybersecurity posture of their networks, components and computers. Adversaries can use these generalized attacks to target specific victims to conduct extortion campaigns or exfiltrate, manipulate or destroy data for some targeted, deliberate purpose."
Document Details
- Document Type: Technical Report
- Publication Date: Jan 01, 2021
- Accession Number: AD1147505
Entities
People
- Adam Pennington
- Charles Clancy
- Christopher Sledjeski
- Craig Wiener
- Joseph Ferraro
- Robert Martin
Organizations
- MITRE Corporation