CAPEC-538 - Open Source Libraries Altered

An attacker with access to an open source code project and knowledge of its particular use for in a system being developed, manufactured, or supported for the victim, can insert malicious code into the open source software used for math libraries in anticipation of inclusion into the system for the purpose of disruption or further compromise within the victim organization.

Severity

Likelihood

Confidentiality

Integrity

Availability

High level: Advanced knowledge about the inclusion and specific usage of an open source code project within system being targeted for infiltration.

Access to the open source code base being used by the manufacturer in a system being developed or currently deployed at a victim location.