CAPEC-443
Malicious Logic Inserted Into Product by Authorized Developer
Description
An adversary uses their privileged position within an authorized development organization to inject malicious logic into a codebase or product.
Prerequisites
Access to the product during the initial or continuous development.
Mitigations
Assess software and hardware during development and prior to deployment to ensure that it functions as intended and without any malicious functionality. This includes both initial development, as well as updates propagated to the product after deployment.