Software Supply Chain Attacks: Taxonomy, Frequency, and Detection Approaches
APA Citation
Iverson, T. & Chakraborty, R. (2024). Software Supply Chain Attacks: Taxonomy, Frequency, and Detection Approaches. *ACM Computing Surveys*. https://doi.org/10.1145/3699012
What Did This Cybersecurity Research Find?
This threat landscape survey analyzed 320 documented software supply chain attacks from 2018 to 2024 to build a taxonomy of attack vectors and evaluate detection methods. Software supply chain attacks increased 742% over the study period, with dependency confusion and compromised build pipelines as the two most common vectors. Software Bill of Materials (SBOM) analysis on its own detected only 34% of the studied attacks at the time of compromise.
Key Findings
- Software supply chain attacks increased 742% from 2018 to 2024
- Dependency confusion and compromised build pipelines were the top two attack vectors
- SBOM analysis alone detected only 34% of supply chain attacks at the time of compromise
- Multi-layer defenses (SBOM + build signing + runtime verification) detected 78%
- Open-source package registries (npm, PyPI) were the most targeted distribution channels
How Does This Apply to Cybersecurity Careers?
Application security engineers can prioritize supply chain defenses based on the most common attack vectors. Security architects can evaluate SBOM and build pipeline security investments.
Who Should Read This?
Frequently Asked Questions
Where was this cybersecurity research published?
This study was published in ACM Computing Surveys in 2024. The DOI is 10.1145/3699012. Access the original paper through the publisher link above.