Title :
Poisoning the software supply chain
Abstract :
To the indiscriminate and opportunistic attacker, breaking into a software package´s development and distribution site and waiting until unsuspecting users install it is more efficient than locating and hacking into users´ systems individually. Starting in 2002 and continuing in to 2003, we´ve seen new emphasis on this type of attack. All the recent activity has showcased the trend that attacks against open-source software distribution sites are increasing. The author looks at how softwares distribution-both open source and proprietary-can invite attacks.
Keywords :
authorisation; computer crime; public domain software; watermarking; open-source software distribution sites; proprietary software; public-key signatures; software distribution; software package development and distribution site; Computer security; Cryptography; Horses; Open source software; Packaging; Privacy; Programming; Software packages; Software tools; Supply chains;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSECP.2003.1203227
