Skip to content

Latest commit

 

History

History
 
 

supply-chain-security

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

Software Supply Chain

Supply chain compromises are a powerful attack vector. In cloud native deployments everything is software-defined, so there is increased risk when there are vulnerabilities in this area. If an attacker controls the supply chain, they can potentially reconfigure anything in an insecure way.

What are supply chain vulnerabilities and their implications?

The Catalog of Supply Chain Compromises provides real-world examples that help raise awareness and provide detailed information that let's us understand attack vectors and consider how to mitigate potential risk.

On mitigating vulnerabilities

There is on-going work to establish best practices in this area. The list of types of supply chain compromises in the catalog of supply chain compromises suggests some mitigation techniques for the more well understood categories.

Supply chain security paper

STAG (Security Technical Advisory Group) has put work into a comprehensive software supply chain paper highlighting best practices for high and medium risk environments. Please check out the paper and corollary secure supply chain assessment document to learn more. For information about contributing to the document or providing feedback, please refer to the README.