So much of software engineering is built on the implicit trust we place in other people. Even if you audit an entire piece of software, it has external dependencies. And those dependencies have dependencies, all of which could get compromised in a supply chain attack. It’s kind of a miracle that there seem to be very few incidents, or at least not much gets reported in the media.