📦
Software Supply Chain Security
Definition
The software supply chain is the app you use plus all the parts it depends on: libraries, build tools, cloud services, and update systems.
In plain English
Everything that goes into making software: libraries, tools, and updates.
Why this matters
If any upstream part is compromised, users can be affected even if they trust the app.
Example
A popular library is hacked and the malicious update spreads to many apps.