
How to Bury a Major Breach Notification - rishabhd
https://krebsonsecurity.com/2017/02/how-to-bury-a-major-breach-notification/
======
raesene9
Great example of supply chain risks and attackers with a flexible approach
here.

Why bother compromising a large number of hardened bank/government networks
when you can backdoor a software update server that delivers code directly to
the desktops of privileged users in those companies...

It's a tricky problem to solve too. Automatic updates are very good for
reducing the number of people running outdated & vulnerable code, but
centralized software update servers become tempting targets for attackers.

