A (partial) history of software supply chain attacks

Paul Roberts, Cyber Content Lead at ReversingLabs


The widespread campaign of software supply chain attacks that has become known as the "SolarWinds attack" came to light in December 2020, and it informally elevated software supply chain security to the top tier of cyber risks for both government and the private sector. Subsequent events, such as the discovery of the Log4Shell vulnerability in the Log4j 2 open source logging library, underscored that software supply chain risk is real.

But if you think that software supply chain threats and attacks are a new problem plaguing software companies and their customers, you are wrong. In fact, software supply chain attacks have been with us for years, decades even, though they have not always received the attention and response they are getting now.

See our chronology of known software supply chain attacks, compiled from public records and reporting.
