Supply Chain Security(Supply Chain Security)

Supply Chain Security in software encompasses the practices used to detect and eliminate vulnerabilities and malicious code throughout the software development and distribution lifecycle — including open-source libraries, package registries, CI/CD pipelines, and deployment tooling. The field gained widespread attention after the 2020 SolarWinds attack and the 2021 Log4Shell vulnerability, both of which demonstrated how a compromised dependency can propagate risk across thousands of downstream products. In the AI era, new risk vectors include LLM-generated code containing latent bugs, hallucinated package names (typosquatting risk), and the degradation of bug bounty signal quality that can delay detection of real OSS vulnerabilities.

※ Auto-generated stub — requires completion