https://attilasec.com/blog/software-supply-chain-threats/
blog article
Large organizations in both the public and private sectors routinely work with subcontractors for everything from the supply of manufactured components to the supply of custom computer code. For example, government agencies may contract with software development companies for the supply of code used in U.S. defense systems. In some cases, a software supplier may be a large company with its own information security department, but in other cases the supplier may simply be a small group of highly specialized coders. Smaller organizations like this often lack robust cybersecurity and present a true vulnerability.

Cyber criminals hack into the systems of smaller suppliers as a means of gaining access to government and large corporate networks. Often cyber criminals may insert malicious code into software that is subsequently supplied to government agencies or large private corporations.

Supply Chain Vulnerabilities

A software supply chain breach can occur when malicious code is added to what is considered a “friendly” or trusted application. When the seemingly innocuous trusted program is opened, the malicious code is unwittingly uploaded to the network.