Beyond Dependencies: The Real Picture of Software Supply Chain Security

Presentation

Beyond Dependencies: The Real Picture of Software Supply Chain Security

Anant Shrivastava | Founder, Cyfinoid Research

Date: Thursday, August 7 | 10:50am-11:30am ( Business Hall Theater C )

Format: 40-Minute Summit Session

Track: Supply Chain Micro Summit

Software Supply Chain Security has been a buzzword for the past few years, but as the initial hype settles, it’s time to ask: what’s actually working—and what’s being overlooked?

In response to rising threats, many organizations have rushed to implement SCA tools or generate SBOMs and called it a day. But security is rarely that simple. Is generating a BOM of your code dependencies truly enough? What about the unsigned binaries your devs download during prototyping, the Docker images pulled from random GitHub issues, or the low-friction APIs that newer technologies—like AI platforms—introduce into trusted environments?

This talk takes a 360-degree view of supply chain security—beyond just dependencies—to highlight the broader risks involved in how modern software is developed, integrated, deployed, and consumed. We’ll explore:

The lay of the land: current initiatives from open source foundations, government bodies, and industry players, and how individuals and organizations can contribute or align with them.
A clear definition of supply chain security—what it is and isn’t—so we stop chasing shadows and start solving real risks.
Why SBOMs are a valuable tool, but not a silver bullet. We’ll discuss where they shine, where they struggle, and what remains unaccounted for even with perfect SBOMs.
Case studies and real-world incidents illustrating how rapid tech adoption often outpaces secure design, leaving behind misconfigurations and attack surfaces across the software lifecycle.

Whether you’re building software or just using it, this session will challenge assumptions, offer practical mental models, and leave you with a grounded understanding of where your supply chain security posture actually stands—and where the gaps may lie.

AI Generated Summary

AI Generated Content Disclaimer

Note: This summary is AI-generated and may contain inaccuracies, errors, or omissions. If you spot any issues, please contact the site owner for corrections. Errors or omissions are unintended.

This comprehensive presentation at BlackHat USA 2025 argues that the software supply chain extends far beyond code dependencies. Anant Shrivastava traces supply chain trust issues back to Ken Thompson’s 1983 Turing Award lecture, surveys the global regulatory landscape, and systematically demonstrates that browser extensions, IDE plugins and marketplaces, AI coding agents, package manager scripts, CI/CD systems, container images, dependency caching servers, and even rogue maintainers all represent critical — and largely unmonitored — attack vectors. The talk provides the ATOM framework for action and an extensive toolkit of open-source tools for auditing, vetting, and visualizing the full software supply chain.

Key Topics Covered

Historical Context and Regulatory Landscape:

Supply chain attacks are not new: Ken Thompson’s 1983 lecture demonstrated implanting a backdoor via a compromised C compiler, inspired by a 1974 US military document on MULTICS security
ENISA forecasts supply chain compromise of software dependencies as a peak threat through 2030
Global government responses: US Executive Order, Japan’s Economic Security Bill, EU Cyber Resilience Act, UK regulations, and India’s CERT-In SBOM guidelines

Why Supply Chain Risks Are Accelerating:

Automated build pipelines create faster release cycles with less incentive to upgrade dependencies
OSS maintainers are overburdened and under-supported
Bug fixes and feature changes are impossible to segregate in dependency updates
Automated vulnerability notifications create alert fatigue — Dependabot alone closed 2.4M issues and created 120K new ones in roughly 5 months (Feb–Jun 2025)

SBoM and SCA — The Starting Point:

SBoM provides component-level inventory (name, version, checksum, license, dependencies)
SCA tools identify outdated, insecure, and EOL software and generate/consume SBoMs
These tools are necessary but cover only code dependencies — a fraction of the real supply chain

Supply Chains Beyond Code — Attack Vectors Explored:

Curl-pipe-to-shell attacks: servers detecting curl vs. browser and serving different content
Browser extensions: dozens of backdoored Chrome extensions on 2.6M devices; extensions with access to cookies, clipboard, tabs, and full network traffic; malicious EditThisCookie impersonator stealing credentials
VS Code extensions: malicious extensions with millions of installs on the official marketplace
VS Code marketplace ecosystem risk: Open VSX serves 8M+ developers across Cursor, Windsurf, Google Cloud Shell Editor, and GitLab Web IDE — a CI vulnerability could have allowed malicious updates to every extension
Homebrew impersonation: Google Ads driving traffic to a near-perfect replica site serving fake install.sh with credential-harvesting admin prompts
Package manager hooks: APT and RPM pre/post-install scripts executing arbitrary code
Notepad++ plugins: hijacked plugin DLLs and a full parasite impersonation website
AI coding agents: Cursor/Copilot rulefile injection via hidden whitespace characters, weaponizing code agents to produce malicious output
CI/CD systems: NSA/CISA guidance on defending CI/CD environments; TeamCity exploitation enabling SolarWinds-style attack chains
Container images: malicious containers on Docker Hub; supply chain threats via container image manipulation
Bait-and-switch: WordPress plugins purchased and backdoored (300K+ installations)
Rogue maintainers: peacenotwar sabotaging node-ipc; colors.js/faker.js maintainer corruption; malware authors targeting each other through npm

The ATOM Framework:

A — Awareness: move unknown risks into known risk categories
T — Trust But Verify: validate every dependency, tool, and service
O — Ongoing Monitoring: continuous checks for changes and anomalies
M — Measure & Map: answer real questions (how many machines have Chrome? how many plugins in GitHub workflows?)

Open-Source Tooling for Supply Chain Security:

SBoM Play: client-side SBoM visualization and intelligence extraction (cyfinoid.github.io/sbomplay)
3PTracer: third-party connection discovery via DNS, client-side and privacy-aware (cyfinoid.github.io/3ptracer)
Chrome extension auditing: extensionauditor.com
Endpoint visibility: osquery for querying Chrome extensions with risky permissions (clipboardWrite, all_urls, tabs, cookies)
GitHub/Actions security: Legitify, OpenSSF SCM Best Practices, Allstar for enforcing baselines, Zizmor for GitHub Actions analysis
Dependency vetting: Vet by SafeDep for automated policy-driven vetting; Overlay browser extension aggregating data from Snyk Advisor, Debricked, Socket.dev, and Deps.dev
Cloud auditing: ScoutSuite, Prowler, kube-hunter, kube-bench, KubiScan, kubeaudit, Trivy, Cosign for provenance

Frameworks and Standards:

SLSA (Supply-chain Levels for Software Artifacts) for build integrity
OWASP SCVS (Software Component Verification Standard) and NIST SSDF
pbom.dev — Open Software Supply Chain Attack Reference for threat modeling

Shadow IT — The Scariest Chain:

Non-technical staff (Biz Dev, HR, Finance) downloading AI IDEs, building applications, deploying on personal cloud accounts, and creating CNAME redirects — all outside IT governance

Actionable Takeaways

Expand your threat model beyond code dependencies to include browser extensions, IDE marketplaces, AI coding agents, CI/CD pipelines, container registries, package manager scripts, and dependency caching infrastructure.
Deploy osquery to inventory Chrome extensions with risky permissions across your organization and establish enterprise policies for extension whitelisting.
Audit your VS Code and IDE extension ecosystem — be aware that Open VSX marketplace vulnerabilities could affect all VS Code fork users (Cursor, Windsurf, GitLab Web IDE, etc.).
Secure CI/CD pipelines with Legitify, OpenSSF best practices, Allstar enforcement, and Zizmor analysis — these are the crown jewels of modern software delivery.
Use SafeDep’s Vet tool and the Overlay browser extension to vet open-source dependencies before adoption, aggregating health signals from multiple sources.
Implement the ATOM framework: build Awareness of your full supply chain, Trust But Verify all components, maintain Ongoing Monitoring, and Measure & Map your actual exposure.
Try SBoM Play and 3PTracer from Cyfinoid for immediate, privacy-preserving visibility into your organization’s dependency landscape and third-party connections.
Address Shadow IT proactively — establish governance for AI IDE usage and monitor for unsanctioned application deployments by non-engineering teams on personal cloud accounts.
Use SLSA, OWASP SCVS, and the pbom.dev attack reference to structure your supply chain security program around established frameworks rather than ad-hoc tooling.

Beyond Dependencies: The Real Picture of Software Supply Chain Security

Supply Chain Microsummit @ BlackHat USA 2025

07 August 2025

Presentation

Beyond Dependencies: The Real Picture of Software Supply Chain Security

AI Generated Summary

Key Topics Covered

Actionable Takeaways

Beyond Dependencies: The Real Picture of Software Supply Chain Security

Supply Chain Microsummit @ BlackHat USA 2025

07 August 2025

Presentation

Beyond Dependencies: The Real Picture of Software Supply Chain Security

AI Generated Summary

Key Topics Covered

Actionable Takeaways

Social chatter

🔗 Related Entities