Bluecoders

Supply Chain Attack



A supply chain attack is an attack that does not target a victim directly but rather one of its upstream suppliers (a software vendor, an open-source library, a managed service provider) in order to reach a large number of downstream targets at once through a compromised update, build or component that the victims already trust.

Landmark incidents include SolarWinds (2020), where a trojanised build of the Orion platform reached customers through the vendor's own signed updates; Codecov (2021), where a modified Bash uploader script exfiltrated CI secrets; 3CX (2023), where a trojanised desktop client was shipped to customers, itself seeded by a compromised installer from another vendor; and the xz-utils affair (2024), where a co-maintainer who had spent years earning commit access inserted a backdoor into the liblzma compression library, reaching OpenSSH servers on distributions whose sshd linked it. Log4Shell (2021) is often listed alongside these, but it was a vulnerability in a ubiquitous dependency rather than a deliberately compromised one; it illustrates the exposure created by transitive dependencies, not a compromised supplier.

Countermeasures include SBOMs, artifact signing and build provenance attestation (Sigstore for signing, in-toto for attestations, SLSA as the maturity framework), isolated and reproducible builds, pinning dependencies by version and content hash in a lockfile, vendoring, and reducing the number of third-party dependencies. No single control suffices: a signature proves who published an artifact, not that the build was clean, so signing needs to be paired with provenance and review.
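The hash-pinning control above, shown as an added example (not Bluecoders' code, and not tied to any real package): a small checker that parses pip's `--hash` requirement syntax, fetches each pinned artifact from an index and refuses it when the digest differs from the one recorded at review time. The manifest, the artifact bytes and the index stub are constructed so the script runs offline; the "served" copy of one package is altered to stand in for a compromised update.

```python
"""Added example: verify fetched dependencies against hash pins.

Not code from the original page. The manifest, artifact payloads and index
stub below are constructed for the demonstration; the requirement syntax is
pip's real `pkg==ver --hash=sha256:...` form with backslash continuations.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field
from typing import Callable, Optional

SPEC_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([A-Za-z0-9.+!-]+)$")
HASH_RE = re.compile(r"^--hash=sha256:([0-9a-f]{64})$")


@dataclass
class Requirement:
    name: str
    version: Optional[str]                  # None when no exact version is pinned
    sha256: set[str] = field(default_factory=set)


def parse_manifest(text: str) -> dict[str, Requirement]:
    """Parse hash-pinned requirements (comments and `\\` line continuations allowed)."""
    reqs: dict[str, Requirement] = {}
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        spec, *opts = line.split()
        m = SPEC_RE.match(spec)
        req = Requirement(m.group(1).lower(), m.group(2)) if m else Requirement(spec.lower(), None)
        for opt in opts:
            h = HASH_RE.match(opt)
            if h is None:
                raise ValueError(f"unsupported requirement option: {opt!r}")
            req.sha256.add(h.group(1))
        reqs[req.name] = req
    return reqs


def verify(reqs: dict[str, Requirement], fetch: Callable[[str, str], bytes]) -> dict[str, str]:
    """Return a status per package: ok, unpinned, no-hash or hash-mismatch.

    Anything short of a matching digest is a failure: whoever controls the
    index or the upstream project can serve an arbitrary build for a
    dependency that is not pinned by content.
    """
    results: dict[str, str] = {}
    for name, req in reqs.items():
        if req.version is None:
            results[name] = "unpinned"
        elif not req.sha256:
            results[name] = "no-hash"
        else:
            digest = hashlib.sha256(fetch(name, req.version)).hexdigest()
            results[name] = "ok" if digest in req.sha256 else "hash-mismatch"
    return results


# --- Constructed scenario ---------------------------------------------------
# REVIEWED holds the artifact bytes that were inspected when the pins were
# written. SERVED is what the index returns today; sneaky-lib's build has been
# swapped for a modified one under the same version number.
REVIEWED = {
    ("good-lib", "1.4.2"): b"good-lib 1.4.2 wheel (constructed bytes)",
    ("sneaky-lib", "0.9.0"): b"sneaky-lib 0.9.0 wheel (constructed bytes)",
}
SERVED = dict(REVIEWED)
SERVED[("sneaky-lib", "0.9.0")] = b"sneaky-lib 0.9.0 wheel + injected payload (constructed)"


def _pin_line(name: str, version: str) -> str:
    digest = hashlib.sha256(REVIEWED[(name, version)]).hexdigest()
    return f"{name}=={version} \\\n    --hash=sha256:{digest}"


MANIFEST = "\n".join([
    "# constructed manifest in pip --hash syntax",
    _pin_line("good-lib", "1.4.2"),
    _pin_line("sneaky-lib", "0.9.0"),
    "no-hash-lib==2.0.0",   # exact version, but nothing ties it to specific bytes
    "unpinned-lib",         # any version the index chooses to serve
])


def fetch_from_index(name: str, version: str) -> bytes:
    """Stand-in for downloading from a package index."""
    return SERVED.get((name, version), b"")


def audit() -> dict[str, str]:
    return verify(parse_manifest(MANIFEST), fetch_from_index)


if __name__ == "__main__":
    for pkg, status in audit().items():
        print(f"{pkg:14s} {status}")
```

The mismatch on `sneaky-lib` is the whole point: the consumer cannot tell a backdoored build from a clean one by version number or by the index's say-so, only by a digest it recorded itself and kept outside the supplier's control. The same logic applies to lockfiles in other ecosystems (`package-lock.json` integrity fields, `Cargo.lock` checksums, Go's `go.sum`).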
