Software Supply Chain Security: The Dataset

Want to dive deeper into the Breaking Trust database? You have come to the right place.

Software Supply Chain Security: The Dataset

Share this story

Software supply chain attacks are a regular feature of cybersecurity but remain understudied as a tactic of malicious actors and a tool of cyber statecraft. This dashboard provides an interactive visualization of the dataset and its major trends. The charts break down incidents by several criteria, including scale and impact, when they took place, the responsible actors (if attributed), targeted codebase, and attack and distribution vectors.

A list of every incident in this dataset is available at the bottom of the page, and both this list and all charts and graphs can be further filtered by the slider and drop-down menus below. Clicking on any value will offer the option to filter the entire dashboard. To download the filtered version of the tableau dashboard and the dataset, please use the download button in the bottom right. Definitions of key terms and data categories can be found by hovering over values in each graph or chart the codebook, which can be downloaded along with the full dataset below.

To download the full dataset or its codebook, use the buttons below.

Update 3 – 2023 – 250 entries, 168 software supply chain attacks and 82 disclosures

Update 2 – 2021 – 161 entries, 117 software supply chain attacks and 44 disclosures

Update 1 – 2020 – 115 entries, 82 software supply chain attacks and 33 disclosures 

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.