Deliver Uncompromised: Securing Critical Software Supply Chains. Proposal to Establish an End-to-End Framework for Software Supply Chain Integrity

Descriptive Note:

[Technical Report, Study/Analysis]

Abstract:

In 2017, the United States (U.S.) Office of the Director of National Intelligence (ODNI) released a short paper depicting the vast threat from software supply chain attacks [7]. A software supply chain attack is defined as the compromise of software code through cyberattacks, insider threats, or other close-access activities at any phase of the supply chain to infect an unsuspecting customer [8]. ODNI recognized that hackers are circumventing traditional cyber defenses to compromise software and delivery processes, enabling successful, rewarding and stealthy methods to subvert large numbers of computers through a single attack. Cyber experts predicted the use of this attack vector because (1) many software development and distribution channels lack proper cyber and process protections, and (2) other cyberattack paths become less optimal as system owners improve the overall cybersecurity posture of their networks, components and computers. Adversaries can use these generalized attacks to target specific victims, conducting extortion campaigns or exfiltrating, manipulating or destroying data for some targeted, deliberate purpose [9].

Subject Categories:

  • Computer Programming and Software
  • Computer Systems Management and Standards

Distribution Statement:

[A, Approved For Public Release]