SPC-15 · Mobile Threat Catalogue
Archived: 2026-04-06 02:09:27 UTC
Mobile Threat Catalogue
Unsecured or Malicious 3rd Party Components
Contribute
Threat Category: Supply Chain
ID: SPC-15
Threat Description: Unsecured, potentially malicious 3rd party components of a technology or code-base can be
packaged with a product before shipment to an acquirer.
1
Threat Origin
Supply Chain Attack Framework and Attack Patterns 1
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
References
1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013;
www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf ↩ ↩2
Source: https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-15.html
https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-15.html
Page 1 of 1