• DocumentCode
    1217017
  • Title

    Poisoning the software supply chain

  • Author

    Levy, Elias

  • Volume
    1
  • Issue
    3
  • fYear
    2003
  • Firstpage
    70
  • Lastpage
    73
  • Abstract
    To the indiscriminate and opportunistic attacker, breaking into a software package's development and distribution site and waiting until unsuspecting users install it is more efficient than locating and hacking into users' systems individually. Starting in 2002 and continuing into 2003, we've seen new emphasis on this type of attack. All the recent activity has showcased the trend that attacks against open-source software distribution sites are increasing. The author looks at how software distribution, both open source and proprietary, can invite attacks.
  • Keywords
    authorisation; computer crime; public domain software; watermarking; open-source software distribution sites; proprietary software; public-key signatures; software distribution; software package development and distribution site; Computer security; Cryptography; Horses; Open source software; Packaging; Privacy; Programming; Software packages; Software tools; Supply chains;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSECP.2003.1203227
  • Filename
    1203227