What is Dependency Confusion and Why Does it Matter in the Federal Sector?


In my years of supporting the federal government in different capacities, I have watched attack methods evolve as fast as the information systems they target. Whatever the state of the technology, it remains the proverbial "cat and mouse" game in which defenders try to stay a step ahead of attackers. In that ongoing contest, one of the newer kinds of software supply chain attack caught many organizations and agencies off guard early this year, when a researcher revealed that he had successfully got his own code into the applications of a surprising number of well-known companies.
