CAPEC-439
Manipulation During Distribution
Draft
2014-06-23
00h00 +00:00
00h00 +00:00
2021-06-24
00h00 +00:00
00h00 +00:00
Alert dla konkretnego CAPEC
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CAPEC.
Opisy CAPEC
An attacker undermines the integrity of a product, software, or technology at some stage of the distribution channel. The core threat of modification or manipulation during distribution arise from the many stages of distribution, as a product may traverse multiple suppliers and integrators as the final asset is delivered. Components and services provided from a manufacturer to a supplier may be tampered with during integration or packaging.
Informacje CAPEC
Powiązane słabości
| Nazwa słabości | |
|---|---|
CWE-1269 |
Product Released in Non-Release Configuration The product released to market is released in pre-production or manufacturing configuration. |
Odniesienia
REF-379
Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (2nd Draft)Jon Boyens, Angela Smith, Nadya Bartol, Kris Winkler, Alex Holbrook, Matthew Fallon.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1-draft2.pdf
REF-384
The Software Supply Chain Integrity Framework Defining Risks and Responsibilities for Securing Software in the Global Supply ChainSAFECode.
REF-382
Piloting Supply Chain Risk Management Practices for Federal Information SystemsMarianne Swanson, Nadya Bartol, Rama Moorthy.
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses, Taxonomy_Mappings | |
| CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings |
