Poisoning the Software Supply Chain

Author: Elias Levy
Journal: IEEE Security & Privacy

To the indiscriminate and opportunistic attacker, breaking into a software package’s development and distribution site and waiting until unsuspecting users install it is more efficient than locating and hacking into users’ systems individually. Starting in 2002 and continuing into 2003, we’ve seen new emphasis on this type of attack. The recent activity shows that attacks against open-source software distribution sites are increasing (see the sidebar on p. 72). In this…