CAPEC-439

Manipulation During Distribution
Draft
2014-06-23 00:00 +00:00
2021-06-24 00:00 +00:00

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.
Alert management

Description

An attacker undermines the integrity of a product, software, or technology at some stage of the distribution channel. The core threat of modification or manipulation during distribution arise from the many stages of distribution, as a product may traverse multiple suppliers and integrators as the final asset is delivered. Components and services provided from a manufacturer to a supplier may be tampered with during integration or packaging.

Informations

Related Weaknesses

CWE-ID Weakness Name
CWE-1269 Product Released in Non-Release Configuration
The product released to market is released in pre-production or manufacturing configuration.

References

REF-379

Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (2nd Draft)
Jon Boyens, Angela Smith, Nadya Bartol, Kris Winkler, Alex Holbrook, Matthew Fallon.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1-draft2.pdf

REF-384

The Software Supply Chain Integrity Framework Defining Risks and Responsibilities for Securing Software in the Global Supply Chain
SAFECode.

REF-382

Piloting Supply Chain Risk Management Practices for Federal Information Systems
Marianne Swanson, Nadya Bartol, Rama Moorthy.

Submission

Name Organization Date Date Release
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Related_Weaknesses, Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Taxonomy_Mappings
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.