A03:2025 — Software Supply Chain Failures

Q: What are Software Supply Chain Failures (OWASP A03:2025)?

A03:2025 is a new OWASP category covering the entire software supply chain: compromised packages, build pipeline attacks, dependency confusion, and malicious code injection. Driven by incidents like the XZ Utils backdoor.

Verified by Precogs Threat Research

OWASP Web 2025Rank #3

What are Software Supply Chain Failures (OWASP A03:2025)?

NEW in 2025. Expands the previous "Vulnerable and Outdated Components" to cover the entire software supply chain ecosystem: compromised packages, malicious code injection during build processes, tampered dependencies, vulnerable build pipelines, and unverified software distribution. Encompasses risks from dependency confusion, typosquatting, and build system compromises.

Impact

New category driven by high-profile incidents like the XZ Utils backdoor (CVE-2024-3094), SolarWinds, and Codecov attacks. Recognizes that supply chain integrity is now a top national security concern.

Related CWEs

How Precogs AI Addresses A03

Precogs AI Binary SAST compares binary signatures against known-good builds to detect supply chain tampering, identifies compromised dependencies in compiled artifacts, and scans for malicious code injected during build processes.

Scan for A03 Risks Book a demo

A03:2025 — Software Supply Chain Failures

What are Software Supply Chain Failures (OWASP A03:2025)?

Impact

Related CWEs

Risk Overview

Quick Links

Protect Against A03

How Precogs AI Addresses A03

A03:2025 — Software Supply Chain Failures

What are Software Supply Chain Failures (OWASP A03:2025)?

Impact

Related CWEs

Related Resources

🛡️ Notable Vulnerabilities

🔗 External References

Risk Overview

Quick Links

Protect Against A03

How Precogs AI Addresses A03