Supply Chain Security

Protecting the integrity of goods, services, and information across the supply chain, including physical logistics and software development.

Supply chain security focuses on mitigating the risks that arise from the interconnection of the parties involved. This includes securing physical logistics against theft and tampering, as well as software security (dependency management, SBOM, code signing). The goal is to establish trust and transparency.

Related term: supply-chain-attacks (/terms/supply-chain-attacks)


❓ Frequently Asked Questions

What is the primary objective of supply chain security?

The primary objective is to enhance the security of the supply chain or value chain by protecting the integrity, availability, and confidentiality of goods, services, and information throughout its lifecycle, including transport and logistics.

How does supply chain security apply to software?

In software, supply chain security involves securing the components, libraries, tools, and processes used to develop, build, and publish software artifacts. This includes managing dependencies, ensuring code integrity, and protecting the development and deployment pipelines.

What are common risks in supply chain security?

Common risks include lack of visibility into dependencies, compromised credentials, insecure third-party integrations, vulnerabilities in components, and physical or digital tampering during transit or within development processes.
