Supply Chain Security — Cybersecurity Mind Map
30. Supply Chain Security
Supply chain attacks can compromise thousands of organisations at once through a single trusted vendor or dependency. This mind map covers the attack vectors, major incidents, and defensive frameworks.
Topics Covered
- Dependency confusion and typosquatting
- Build pipeline compromise: SolarWinds 2020
- Open source risks: Log4Shell, XZ Utils 2024
- SBOM with Syft and CycloneDX
- SLSA framework levels 1-4
- Sigstore and Cosign code signing
- Vendor risk: SOC 2, ISO 27001
- MSP risk: Kaseya VSA 2021
- NIST SP 800-161 and EO 14028
