llsoftsecbook icon indicating copy to clipboard operation
llsoftsecbook copied to clipboard
verified publisher icon llsoftsec

Consider section on supply chain attacks?

Open sam-ellis opened this issue 4 years ago • 2 comments

Consider if supply chain attacks on a compiler itself are within the scope of the book. For example, compilers are widely deployed and so could be an attractive target for an attacker to insert code into the compiler to do bad things. Attacks can occur at source level or in the distribution of binaries.

sam-ellis avatar Oct 11 '21 07:10 sam-ellis

Thanks for the suggestion. I think supply chain attacks are within the scope of the book.

kbeyls avatar Oct 11 '21 07:10 kbeyls

This points to a somewhat different but interesting example for a section into supply chain attacks: https://news.ycombinator.com/item?id=9755856

g-kouv avatar Oct 11 '21 10:10 g-kouv