Uncovering Software Supply Chains Vulnerability: A Review of Attack Vectors, Stakeholders, and Regulatory Frameworks.

Nafisa Anjum, Nazmus Sakib, Juan Rodriguez Cardenas, Corey Brookins, Ava Norouzinia, Asia Shavers, Miranda Dominguez, Marie Nassif, Hossain Shahriar

COMPSAC (2023)

Abstract
The proliferation of cyberattacks in the software supply chain (SSC) domain is a critical concern making them a formidable threat to software security and compromising its integrity and credibility which needs to be seriously acknowledged and investigated. This paper aims to conduct a comprehensive study of the various tactics and techniques employed by cyber-criminals in this domain along with a focus on exploring the effect of software supply chain stakeholders' traits, limitations, and actions on the probability of a successful attack. Furthermore, this research also identifies the regulatory tools and protocols administrating software supply chains that support decreasing an organization's proneness to these challenges. Our study adopts a rigorous methodology to investigate the frequency of attacks, current defense techniques, and gaps combined with an overview highlighting where ransomware attacks occur amidst this discussion. The findings will provide valuable insights concerning the recent trends in disrupting the security and efficiency of the software supply chain and offer recommendations to researchers, organizations, and practitioners to remain cautious and proactive in their cybersecurity posture.
Keywords
Software Supply Chain Attacks, Ransomware Attacks, Security, Stakeholders, Regulatory frameworks