Software Supply Chain Attacks: Taxonomy, Detection Methods, and Industry Impact
APA Citation
Kang, Y. & Mueller, D. (2024). Software Supply Chain Attacks: Taxonomy, Detection Methods, and Industry Impact. *ACM Computing Surveys*. https://doi.org/10.1145/3654321
What Did This Cybersecurity Research Find?
This cybersecurity threat landscape survey cataloged software supply chain attack techniques and evaluated detection approaches across 200+ documented incidents. Cybersecurity teams face growing supply chain risk as open-source dependency attacks grew 742% from 2019 to 2024, making software bill of materials (SBOM) adoption a practical priority.
Key Findings
- Open-source dependency attacks grew 742% from 2019 to 2024
- Typosquatting and dependency confusion accounted for 54% of supply chain attacks
- SBOM adoption correlated with faster vulnerability identification (median 3 hours vs 72 hours)
- Automated dependency scanning caught 68% of known-malicious packages before deployment
- Only 23% of organizations maintained complete SBOMs for their software products in 2024
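The findings above pair the leading attack technique (typosquatting) with the controls that shortened detection time (SBOMs plus automated scanning). The following script is an added illustration of how those two controls fit together; it is not code from the surveyed paper. It parses a constructed, minimal CycloneDX-style SBOM, flags any component on a constructed known-malicious denylist, and flags names within one edit (including a swapped-letter transposition) of a constructed list of trusted package names. The SBOM contents, the denylist, and the trusted names are all assumptions made for the example.

```python
"""Scan a CycloneDX-style SBOM for known-malicious and typosquat-like package names.

Added illustration, not code from the surveyed paper. The SBOM, the denylist and
the trusted-name list below are constructed for this example.
"""
import json

# Constructed CycloneDX-style SBOM (only the fields this scanner reads).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "library", "name": "reqeusts", "version": "1.0.0", "purl": "pkg:pypi/reqeusts@1.0.0"},
        {"type": "library", "name": "evil-helper", "version": "0.0.1", "purl": "pkg:pypi/evil-helper@0.0.1"},
        {"type": "library", "name": "urllib3", "version": "2.2.1", "purl": "pkg:pypi/urllib3@2.2.1"},
    ],
})

# Constructed denylist: (ecosystem, name) pairs an organisation treats as known-malicious.
KNOWN_MALICIOUS = {("pypi", "evil-helper")}

# Constructed allowlist of widely used, trusted names used for typosquat comparison.
TRUSTED_NAMES = {"pypi": {"requests", "urllib3", "numpy", "flask"}}


def osa_distance(a, b):
    """Optimal string alignment distance: Levenshtein edits plus one adjacent
    transposition, so a swapped-letter name like 'reqeusts' scores 1 against
    'requests' instead of 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,        # deletion
                          d[i][j - 1] + 1,        # insertion
                          d[i - 1][j - 1] + cost)  # substitution / match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def ecosystem_of(purl):
    """Extract the package type from a purl: 'pkg:pypi/requests@2.31.0' -> 'pypi'."""
    return purl.split(":", 1)[1].split("/", 1)[0]


def scan_sbom(sbom_json, denylist=KNOWN_MALICIOUS, trusted=TRUSTED_NAMES, max_distance=1):
    """Return a list of findings for components that are denylisted or that sit
    within max_distance edits of a trusted name in the same ecosystem."""
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        name = comp["name"]
        eco = ecosystem_of(comp.get("purl", "pkg:unknown/" + name))
        if (eco, name) in denylist:
            findings.append({"name": name, "version": comp.get("version"),
                             "reason": "known-malicious"})
            continue
        if name in trusted.get(eco, set()):
            continue  # exact match to a trusted name is not a typosquat
        for good in sorted(trusted.get(eco, ())):
            if osa_distance(name, good) <= max_distance:
                findings.append({"name": name, "version": comp.get("version"),
                                 "reason": "possible-typosquat", "similar_to": good})
                break
    return findings


if __name__ == "__main__":
    for f in scan_sbom(SAMPLE_SBOM):
        print(f)
```

Exact matches to trusted names are skipped before the distance check, otherwise every legitimate dependency would be reported as "similar to" itself. The distance threshold is deliberately small: at 1 it catches single-character and transposition look-alikes while keeping false positives on short names manageable; raising it trades precision for recall.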
How Does This Apply to Cybersecurity Careers?
Security engineers and AppSec professionals need supply chain security skills. This research maps the attack surface and the detection techniques employers now expect.
Who Should Read This?
mid career · senior
Frequently Asked Questions
Where was this cybersecurity research published?
This study was published in ACM Computing Surveys in 2024. The DOI is 10.1145/3654321. Access the original paper through the publisher link above.
Research summaries are editorial interpretations of publicly available academic and industry publications. DecipherU is not affiliated with the authors or publishers cited. Verify each referenced study directly before relying on it for career or hiring decisions.