The Various Shades of Supply Chain: SBOM, N-Days and Zero Trust

Over the past two years, attacks on multiple targets in the semiconductor industry have consistently led to leaks of firmware source code. A compromised developer device could potentially give an attacker access to the source code repository, adding a major gap in the security of the software supply chain. There are multiple policies in place to improve transparency in the firmware supply chain in general, but implementing and adopting them will take years. The technology industry is in the midst …

access attacker attacks code code repository compromised developer device firmware gap industry leaks led major repository sbom security semiconductor software software supply chain source code supply supply chain trust zero trust