CAPEC-443

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Stable MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Medium Severity: High
Malicious Logic Inserted Into Product by Authorized Developer

Description

An adversary uses their privileged position within an authorized development organization to inject malicious logic into a codebase or product.

Prerequisites

Access to the product during the initial or continuous development.

Mitigations

Assess software and hardware during development and prior to deployment to ensure that it functions as intended and without any malicious functionality. This includes both initial development, as well as updates propagated to the product after deployment.