An [[attack]] in which the [[attacker]] gains access to a system through its supply chain rather than by attacking the system directly. For an individual software product, this might mean compromising one of the libraries the software depends on. This is where a [[Software Bill of Materials]] may reduce the risk: by listing every library a product contains, it allows auditors to verify the supply chain. From the perspective of a larger system, however, there is a real concern. Supply chains are recursive and complex: business units rely on suppliers, who rely on their own suppliers, and so on. It therefore makes logical sense that organisations come to rely on one or two suppliers for everything, and seeking ERP systems that can do everything is a natural outcome. (They never can.)
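The audit the entry describes, carried out in code, as an added example that is not part of the original entry: a minimal CycloneDX-style SBOM and an advisory list are both constructed inline (the component names, versions, hashes and advisory identifiers are invented placeholders), and the check flags any listed library that falls in an advisory's affected range or that carries no hash, since a component without a hash cannot have its integrity verified against what was actually shipped.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample: a minimal CycloneDX-style SBOM for a hypothetical
# application. Every name, version and hash here is invented for this example.
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "example-json-parser", "version": "2.4.1",
         "hashes": [{"alg": "SHA-256", "content": "ab" * 32}]},
        {"type": "library", "name": "example-http-client", "version": "0.9.3",
         "hashes": [{"alg": "SHA-256", "content": "cd" * 32}]},
        # Deliberately recorded without a hash to show the "unverifiable" case.
        {"type": "library", "name": "example-logging", "version": "1.2.0"},
    ],
})

# Constructed advisory feed (placeholder identifiers, not real advisories):
# a library is affected when its version is below "affected_below".
SAMPLE_ADVISORIES: List[Dict[str, str]] = [
    {"id": "ADVISORY-PLACEHOLDER-1", "name": "example-http-client", "affected_below": "1.0.0"},
    {"id": "ADVISORY-PLACEHOLDER-2", "name": "example-json-parser", "affected_below": "2.0.0"},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Simplified dotted-numeric version parser (assumption: no pre-release tags)."""
    return tuple(int(part) for part in version.split("."))


def load_components(sbom_json: str) -> List[Dict]:
    """Return the component list from a CycloneDX JSON document."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    return doc.get("components", [])


def audit_sbom(sbom_json: str, advisories: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Cross-check every SBOM component against the advisory list.

    Returns (name, version, issue) tuples: one for each advisory the component
    falls under, plus one if the component has no hash to verify against.
    """
    by_name: Dict[str, List[Dict[str, str]]] = {}
    for adv in advisories:
        by_name.setdefault(adv["name"], []).append(adv)

    findings: List[Tuple[str, str, str]] = []
    for comp in load_components(sbom_json):
        name, version = comp["name"], comp["version"]
        if not comp.get("hashes"):
            findings.append((name, version, "no hash recorded; integrity cannot be verified"))
        for adv in by_name.get(name, []):
            if parse_version(version) < parse_version(adv["affected_below"]):
                findings.append((name, version,
                                 f"affected by {adv['id']} (fixed in {adv['affected_below']})"))
    return findings


if __name__ == "__main__":
    for name, version, issue in audit_sbom(SAMPLE_SBOM_JSON, SAMPLE_ADVISORIES):
        print(f"{name} {version}: {issue}")
```

On the constructed input this reports the outdated HTTP client and the unhashed logging library, and passes the JSON parser because 2.4.1 is at or above the advisory's fixed version. A real audit would consume an SBOM exported from the build and an advisory feed from a vulnerability database, and would also compare each recorded hash against the artifact actually deployed; the version comparison here is deliberately simplified and does not handle pre-release or non-numeric version strings.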