Spectra Assure Free Trial
Get your 14-day free trial of Spectra Assure for Software Supply Chain Security
Get Free TrialMore about Spectra Assure Free TrialIs this doing things that are unexpected? Are there things happening that are potentially not exactly what you expect them to be? And the only way you do that is, again, comparing two entities. And there's a lot of different more advanced thoughts on this as you go down, and we're going to talk about those in another ReversingGlass episode, and I'm foreshadowing here with reproducible builds. But, in this example, you can actually use AI and other techniques to basically jump in and say: Hey, this was something that happened in the past, like a 3CX attack in the code signing issue or the SunBurst attack where differential analysis was the way that you actually figured out: hey this release had this, this release had something different, which led you down the path to either a novel attack or a known malware attack.
So if you're not thinking about tampering as it relates to software supply chain security you're missing the boat. So tampering is the way to do it, and the way you actually identify tampering in a package is post compilation, get it all compiled together, all the components, then break it back apart and compare it to itself.
If you're not thinking about tampering, you're not thinking about software supply chain security. Hope everybody enjoyed the quick episode. Thanks for watching.

