CAPEC-439: Manipulation During Distribution (Version 2.11)

Attack Pattern ID: 439
Abstraction: Meta
Status: Draft
Completeness: Stub
+ Summary

An attacker undermines the integrity of a product, software, or technology at some stage of the distribution channel. The core threat of modification or manipulation during distribution arises from the many stages of distribution: a product may traverse multiple suppliers and integrators as the final asset is delivered. Components and services provided from a manufacturer to a supplier may be tampered with during integration or packaging.

+ Examples-Instances


A malicious OEM provider, or OEM provider employee or contractor, may install software, or modify existing code, during distribution.


External contractors involved in the packaging or testing of products or components may install software, or modify existing code, during distribution.

+ References
[R.439.1] [REF-31] Information Technology Laboratory. "Supply Chain Risk Management (SCRM)". National Institute of Standards and Technology (NIST). 2010.
[R.439.2] SAFECode. "The Software Supply Chain Integrity Framework Defining Risks and Responsibilities for Securing Software in the Global Supply Chain". Safecode.org. 2009.
[R.439.3] [REF-32] Marianne Swanson, Nadya Bartol and Rama Moorthy. "Piloting Supply Chain Risk Management Practices for Federal Information Systems". Section 1. Introduction. Draft NISTIR 7622. National Institute of Standards and Technology. 2010.
+ Content History
CAPEC Content Team, The MITRE Corporation, 2014-06-23, Internal_CAPEC_Team
Previous Entry Names
Date: 2015-11-09. Previous Entry Name: Integrity Modification During Distribution

Page Last Updated or Reviewed: August 04, 2017