An attacker uses their privileged position within an authorized software
						development organization to inject malicious logic into a codebase or
						product. Supply chain attacks from approved or trusted developers are
						extremely difficult to detect as it is generally assumed the quality control
						and internal security measures of these organizations conform to best
						practices. In some cases the malicious logic is intentional, embedded by a
						disgruntled employee, programmer, or individual with an otherwise hidden
						agenda. In other cases, the integrity of the product is compromised by
						accident (e.g. by lapse in the internal security of the organization that
						results in a product becoming contaminated). In other cases, the developer
						embeds a backdoor into a product to serve some purpose, such as product
						support, but discovery of the backdoor results in its malicious use by
						hackers.