Description
Software supply chain (SWSC) attacks are on the rise and have increased as much as 650% in 2020.
This paper differentiates the SWSC security discipline from already established software security.
We list existing supply chain attacks, explain how they differ from the known threat of attackers targeting
vulnerable dependencies, show where in the software development lifecycle they might occur, and
describe how trust relationships introduce risk.
To counteract this threat, we also give an overview of the measures that exist to protect the supply chain
and reduce the risks associated with using external dependencies.
Securing the whole supply chain is essential, since a chain breaks at its weakest link.