"Supply chain integrity attacks—unauthorized modifications to software packages—have been on the rise in the past two years, and are proving to be common and reliable attack vectors that affect all consumers of software."
Google Security Blog - Introducing SLSA, an End-to-End Framework for Supply Chain Integrity
"Supply chains, both physical and digital, have an explicit reliance on trust, and adversaries have taken notice."
2021 Microsoft Digital Defense Report
"From February 2015 to June 2019, 216 software supply chain attacks were recorded. Then, from July 2019 to May 2020, the number of attacks increased to 929 attacks. However, in the past year, such attacks represented a 650% YoY increase."
2021 State of the Software Supply Chain