
"Without data, you're just another person with an opinion."
—W. Edwards Deming
It is tempting to tune out the cyberattack news cycle, dismissing the seemingly random assortment of reported attacks as nothing more than chance encounters of lucky defenders with unlucky attackers. It is easy to see the noise. It takes more effort—what amounts to digital wading—to find the signal, especially when dealing with public reporting on cyberattacks, but wade we did to assess the extent of software supply chain attacks. These attacks prey on the trust that makes code reuse possible and that produces the modern software cornucopia enjoyed by software developers and consumers alike.
Article Section: COLUMNS
;login: issue: