An attacker conducts supply chain attacks by the inclusion of insecure 3rd
						party components into a technology, product, or code-base, possibly
						packaging a malicious driver or component along with the product before
						shipping it to the consumer or acquirer. The result is a window of
						opportunity for exploiting the product or software until the insecure
						component is discovered. This supply chain threat can result in the
						installation of software that introduces widespread security vulnerabilities
						within an organization. One exampple could be the inclusion of an
						exploitable DLL (Dynamnic Link Library) included within an antivirus
						technology. Because software often depends upon a large number of
						interdependent libraries and components to be be present, security holes can
						be introduced merely by installing COTS software that comes pre-packaged
						with the components required for it to operate.