TL;DR
Your business runs on software you didn't write, built from packages you've never audited, delivered by vendors you've never assessed. Software supply chain attacks — SolarWinds, 3CX, the npm/xz backdoor — exploit that blind spot. This guide covers the concrete controls Australian SMBs can implement now: SBOMs, VEX documents, SLSA build levels, code signing with sigstore, package registry risk reduction, vendor security questionnaires, and the ACSC's supply chain guidance — with a practical checklist and a 10-question vendor assessment template you can use today.
Why Software Supply Chain Risk Matters for Australian SMBs
The software supply chain is everything between "a developer wrote code" and "that code runs in your environment" — every dependency, build tool, package registry, CI/CD pipeline, and third-party library in between. Attackers have figured out that compromising one upstream package can cascade into thousands of downstream victims. The xz-utils backdoor (CVE-2024-3094) nearly shipped into every major Linux distribution via a single compromised maintainer. The 3CX attack cascaded through a compromised dependency of a dependency. Australian SMBs are not too small to be affected — they're too small to recover quickly from a breach that destroys customer trust.
The Australian Cyber Security Centre (ACSC) has explicitly identified supply chain risks as a priority under the Australian Government's 2023-2030 Cyber Security Strategy. For SMBs, the exposure is twofold: you consume third-party software (SaaS, libraries, containers) and you produce software that customers may rely on. Both directions need controls.
The Core Frameworks: SBOM, VEX, and SLSA
SBOM (Software Bill of Materials) is a machine-readable inventory of every component in a piece of software — including transitive dependencies, versions, and licenses. Think of it as a nutrition label for software. The NTIA (US) and ACSC both recommend SBOMs as a foundational supply chain control. When a new CVE drops, an SBOM lets you answer "are we exposed?" in minutes instead of days. SBOMs use standard formats: SPDX, CycloneDX, and SWID tags.
VEX (Vulnerability Exploitability Exchange) solves the noise problem. When a CVE is published, thousands of SBOM matches fire — but most aren't exploitable in your context. A VEX document is a publisher's statement about whether a specific vulnerability actually affects their product. VEX turns a flood of CVE alerts into a prioritized list. If your vendor provides VEX alongside their SBOM, your triage time drops from hours to minutes.
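The SBOM-then-VEX triage described in the two paragraphs above, as an added example that is not part of the original guide or any vendor's tooling. It matches a constructed CycloneDX-style SBOM against a constructed advisory feed, then sorts the hits using OpenVEX-style statements; the component names, the `CVE-0000-000N` placeholder ids and the bucket names are assumptions made for illustration.

```python
import json

# Constructed CycloneDX-style SBOM, trimmed to the fields this example reads.
SBOM = json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"name": "xz-utils",    "version": "5.6.1", "purl": "pkg:deb/debian/xz-utils@5.6.1"},
  {"name": "example-lib", "version": "1.2.3", "purl": "pkg:npm/example-lib@1.2.3"},
  {"name": "example-img", "version": "2.0.0", "purl": "pkg:pypi/example-img@2.0.0"},
  {"name": "example-log", "version": "0.9.0", "purl": "pkg:npm/example-log@0.9.0"}]}""")

# Constructed advisory feed: vulnerability id -> affected package URLs (purls).
# Ids of the form CVE-0000-000N are placeholders, not real CVEs.
ADVISORIES = {
    "CVE-2024-3094": ["pkg:deb/debian/xz-utils@5.6.1"],
    "CVE-0000-0001": ["pkg:npm/example-lib@1.2.3"],
    "CVE-0000-0002": ["pkg:pypi/example-img@2.0.0"],
    "CVE-0000-0003": ["pkg:npm/example-log@0.9.0"],
    "CVE-0000-0004": ["pkg:npm/not-installed@1.0.0"],   # component not in the SBOM
}

# Constructed vendor VEX statements (OpenVEX-style field names, assumed here).
VEX = {"statements": [
    {"vulnerability": {"name": "CVE-2024-3094"}, "status": "affected",
     "products": [{"@id": "pkg:deb/debian/xz-utils@5.6.1"}]},
    {"vulnerability": {"name": "CVE-0000-0001"}, "status": "not_affected",
     "justification": "vulnerable_code_not_in_execute_path",
     "products": [{"@id": "pkg:npm/example-lib@1.2.3"}]},
    {"vulnerability": {"name": "CVE-0000-0002"}, "status": "not_affected",
     "products": [{"@id": "pkg:pypi/example-img@2.0.0"}]},   # no justification given
]}

def sbom_matches(sbom, advisories):
    """(vuln_id, purl) pairs where a component in the SBOM is listed as affected."""
    present = {c["purl"] for c in sbom.get("components", []) if "purl" in c}
    return sorted((vid, p) for vid, purls in advisories.items()
                  for p in purls if p in present)

def triage(sbom, advisories, vex):
    """Split SBOM matches into act_now / suppressed / needs_review using VEX."""
    index = {(s["vulnerability"]["name"], prod["@id"]): s
             for s in vex.get("statements", []) for prod in s.get("products", [])}
    out = {"act_now": [], "suppressed": [], "needs_review": []}
    for key in sbom_matches(sbom, advisories):
        stmt = index.get(key, {})
        status = stmt.get("status")
        justified = bool(stmt.get("justification") or stmt.get("impact_statement"))
        if status == "affected":
            out["act_now"].append(key)
        elif status == "fixed" or (status == "not_affected" and justified):
            out["suppressed"].append(key)
        else:   # no statement, under_investigation, or unjustified not_affected
            out["needs_review"].append(key)
    return out

if __name__ == "__main__":
    for bucket, items in triage(SBOM, ADVISORIES, VEX).items():
        print(bucket, items)
```

A `not_affected` claim with no justification is deliberately left in `needs_review`, so an unexplained vendor assertion cannot silence an alert.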
SLSA (Supply-chain Levels for Software Artifacts) is a framework that defines progressive levels of build integrity — from "anyone could have tampered with this" to "verified, reproducible builds in a hardened platform." There are four levels:
- SLSA Level 1: Build process documented (build provenance exists)
- SLSA Level 2: Hosted build service with provenance generation (tamper-resistant build logs)
- SLSA Level 3: Hardened build platform with non-falsifiable provenance (isolated, verified builds)
- SLSA Level 4: Hermetic, reproducible builds with verified provenance (two-party reviewed)
For SMBs, you don't need to achieve SLSA Level 4 internally — but you should ask vendors what SLSA level their build pipeline meets. If they can't answer, that's a red flag.
Code Signing and Package Registry Risk Reduction
Sigstore is the modern code signing standard adopted by the Kubernetes ecosystem, npm, PyPI, and others. It uses ephemeral keyless signing backed by OIDC identity (Google, GitHub, Microsoft) and a transparency log (Rekor) so anyone can verify that a package was signed by who it claims to be. Sigstore eliminates the key management burden that made traditional code signing impractical for open-source projects.
For package registry risk reduction, practical steps include:
- npm: Enable `npm audit signatures` and use `npm ci` with lockfiles pinned. Prefer packages with provenance attestations (sigstore signing is now available on npm). Use `npm config set ignore-scripts false` cautiously — postinstall scripts are a common attack vector.
- PyPI: Pin versions in requirements.txt with hashes (`pip install --require-hashes`). PyPI now supports sigstore signing — verify provenance where available. Avoid packages with typosquatted names.
- Docker Hub: Use content-addressable digests (`image@sha256:...`) instead of tags. Tags are mutable; digests are not. Prefer distroless or minimal base images. Scan with Trivy or Grype in CI. Pull from private registries with signed images where possible.
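A CI-style check for the three pinning rules in the list above, added here as an example and not taken from the original guide. It flags requirements without a pin and hash, Dockerfile base images referenced by tag, and package-lock.json entries without an integrity value; the function names, sample file contents and the all-zero digest are constructed for illustration.

```python
import json
import re

DIGEST = "sha256:" + "0" * 64   # constructed placeholder digest, not a real hash

def unhashed_requirements(text):
    """Names in a requirements file lacking an exact == pin or a --hash option."""
    bad = []
    for line in re.sub(r"\\\n", " ", text).splitlines():   # join continuations
        line = re.sub(r"(^|\s)#.*", "", line).strip()      # drop comments
        if not line or line.startswith("-"):                # blanks, -r / --index-url
            continue
        if not re.search(r"==[^=\s]+", line) or "--hash=sha256:" not in line:
            bad.append(re.split(r"[=<>!~;\[\s]", line, maxsplit=1)[0])
    return bad

def mutable_base_images(dockerfile):
    """FROM references that rely on a tag (or no tag) rather than an @sha256 digest."""
    stages, bad = set(), []
    for line in dockerfile.splitlines():
        m = re.match(r"\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", line, re.I)
        if not m:
            continue
        image, alias = m.group(1), m.group(2)
        # 'scratch' and earlier build stages are not registry pulls
        if image != "scratch" and image.lower() not in stages and "@sha256:" not in image:
            bad.append(image)
        if alias:
            stages.add(alias.lower())
    return bad

def lock_entries_without_integrity(lock_text):
    """package-lock.json (v2/v3) entries, excluding links, with no integrity hash."""
    packages = json.loads(lock_text).get("packages", {})
    return sorted(path for path, meta in packages.items()
                  if path and not meta.get("link") and not meta.get("integrity"))

# Constructed sample inputs.
REQS = f"""requests==2.31.0 \\
    --hash={DIGEST}
flask>=2.0
pyyaml==6.0.1   # pinned, but no hash
-r extra.txt
"""
DOCKERFILE = f"""FROM --platform=linux/amd64 python:3.12-slim AS build
FROM gcr.io/distroless/python3@{DIGEST} AS runtime
FROM build AS test
FROM scratch
FROM nginx
"""
LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app"},
    "node_modules/example-a": {"version": "1.0.0", "integrity": "sha512-CONSTRUCTED"},
    "node_modules/example-b": {"version": "1.2.3"},
    "node_modules/local-tool": {"resolved": "tools/local-tool", "link": True},
}})

if __name__ == "__main__":
    print(unhashed_requirements(REQS), mutable_base_images(DOCKERFILE),
          lock_entries_without_integrity(LOCK))
```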
The SolarWinds attack (SUNBURST, 2020) and the Codecov bash uploader compromise (2021) both demonstrate why build pipeline integrity and artifact signing matter — the attack wasn't in the source code, it was in the build process and the delivery mechanism.
Vendor Security Attestation: What to Ask Your SaaS Providers
Most SMBs don't build software — they consume it. That makes vendor assessment your primary supply chain control. A vendor security questionnaire isn't a formality; it's how you determine whether a breach at your SaaS vendor becomes a breach at your company.
Key attestation areas:
- SBOM availability: Can the vendor provide an SBOM (SPDX or CycloneDX) for the software they deliver to you?
- Vulnerability disclosure: Does the vendor have a coordinated vulnerability disclosure (CVD) policy? What's their average patch time for critical CVEs?
- Build integrity: Does their CI/CD pipeline meet SLSA Level 2 or higher? Do they sign their artifacts?
- Incident history: Have they had a supply chain incident in the last 24 months? What was the scope and remediation?
- Data handling: Where is your data stored? Is it encrypted at rest and in transit? Who has access?
- Subprocessor transparency: Do they maintain a public list of subprocessors? How much notice do they give before adding new ones?
In Australia, the Privacy Act 1988 and the Notifiable Data Breaches scheme mean you have legal obligations if a vendor breach exposes your customers' personal data. Your vendor contracts should include breach notification timelines (72 hours is industry standard), right-to-audit clauses, and data return/deletion obligations on termination.
Australian Government Supply Chain Security Guidance
The ACSC publishes guidance specifically for Australian organisations on managing supply chain risk. The key documents:
- ACSC's Information Security Manual (ISM) includes controls for third-party risk management under the gateway and supply chain sections.
- Australian Government Cyber Security Strategy 2023-2030 explicitly names supply chain security as a national priority, with proposed codes of practice for IoT and software vendors.
- ASD's Procurement and Supply Chain Security guidance recommends due diligence assessments, contractual security requirements, and ongoing monitoring of vendor security posture.
- The Privacy Act 1988 (Australian Privacy Principles) creates downstream liability — if your vendor loses your customers' data, you may still be the entity that has to notify under the NDB scheme.
For SMBs, the practical takeaway is that Australian regulators expect you to know your vendor risk exposure and have written contracts that enforce security obligations.
Supply Chain Security Checklist
- Maintain an SBOM for all critical software (yours and your vendors')
- Request VEX documents from vendors to prioritise CVE triage
- Pin all package versions with lockfiles and hashes
- Scan container images for vulnerabilities before deployment (Trivy, Grype)
- Verify package signatures (sigstore) where supported
- Use content-addressable digests for Docker images, not mutable tags
- Disable npm postinstall scripts unless explicitly required
- Contractually require 72-hour breach notification from all vendors
- Include right-to-audit and data deletion clauses in vendor contracts
- Review subprocessor lists quarterly
- Ask vendors for their SLSA build level and SBOM before signing
- Monitor vendor security advisories and subscribe to CVE feeds for your stack
Vendor Security Questionnaire (10 Must-Ask Questions)
- Can you provide an SBOM (SPDX or CycloneDX) for the software you deliver to us?
- What is your average patch time for critical CVEs, and do you provide VEX statements?
- What SLSA level does your build pipeline meet, and do you sign your build artifacts?
- Have you experienced a supply chain or security incident in the last 24 months? If so, what was the scope and remediation?
- Where is our data stored (jurisdiction), and how is it encrypted at rest and in transit?
- What is your coordinated vulnerability disclosure (CVD) policy, and do you operate a bug bounty?
- Do you maintain a public subprocessor list, and how much notice do you give before adding a new subprocessor?
- What is your breach notification timeline, and will you contractually commit to notifying us within 72 hours?
- Do you undergo annual third-party security audits (SOC 2, ISO 27001)? Can you share the latest report?
- On contract termination, what is your process for returning and certifiably deleting our data?
FAQ
Q: We're a small business with 15 staff — do we really need SBOMs and vendor questionnaires?
A: Yes. SMBs are disproportionately targeted because attackers assume weaker controls. An SBOM for your top 5 SaaS vendors and a one-page questionnaire for new vendors takes a few hours to set up and dramatically reduces your exposure. Start with your highest-risk vendors (those handling customer data or with access to your network).
Q: What's the difference between an SBOM and VEX, and do I need both?
A: An SBOM tells you what's in the software (the ingredients list). VEX tells you whether a specific vulnerability in those ingredients is actually exploitable in that product (the safety assessment). You need both — SBOM without VEX gives you noise; VEX without SBOM gives you assertions without evidence. Ask vendors for both.
Q: Our vendors say they can't provide an SBOM. What should we do?
A: This is common — especially with smaller SaaS vendors. Escalate: ask for a component list or dependency inventory as a minimum. If they still can't provide one, add contractual language requiring SBOM delivery within 12 months (gives them time to comply) and weight that vendor as higher risk in your register. For open-source packages, you can generate SBOMs yourself using tools like Syft or cyclonedx-bom.
Q: How often should we reassess vendors?
A: At minimum annually for critical vendors (those handling sensitive data or with network access). For high-risk vendors, quarterly review of their security advisories and subprocessor changes is prudent. Any vendor breach notification should trigger an immediate reassessment — including whether to terminate the contract.
Conclusion
Software supply chain risk is not a future problem — the attacks are happening now, and Australian SMBs are in the blast radius. The controls exist and are increasingly accessible: SBOMs are becoming standard, VEX is maturing, sigstore signing is live on npm and PyPI, and the ACSC is publishing clear guidance. The gap isn't technology — it's adoption. Start with three actions this week: send the 10-question vendor questionnaire to your top 5 SaaS providers, pin your package dependencies with lockfiles and hashes, and ask your critical vendors for an SBOM. Each one reduces your third-party breach exposure measurably.
References
- Australian Cyber Security Centre — Information Security Manual (ISM): https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism
- SLSA — Supply-chain Levels for Software Artifacts (Framework): https://slsa.dev/
- NTIA — Software Bill of Materials (SBOM) Minimum Elements: https://www.ntia.gov/files/ntia/publications/softwarebill-of-materials_minimum-elements.pdf
- CISA — Software Supply Chain Security Guidance: https://www.cisa.gov/sites/default/files/publications/Software_Supply_Chain_Security_Guidance.pdf
- Sigstore — Code Signing for Software Supply Chain Security: https://www.sigstore.dev/
TL;DR
- Some bad people use AI to pretend to be computer workers and get hired by companies
- They use robot voices, fake photos, and computer-generated resumes
- They don't actually do the work—they steal secrets
- Companies need new ways to check if people are who they say they are
What's Happening?
Imagine this: Someone sends a job application to a company. They have a nice photo, a good resume, and they do great in the interview. The company hires them.
But there's a problem: That person doesn't really exist.
A group of bad people used AI (artificial intelligence) to create a fake person, trick the company, and get hired. Then they use their job to steal secrets and money.
This is happening RIGHT NOW with computer programming jobs.
Who's Doing This?
Microsoft (a really big computer company) found out that some people from North Korea are doing this [1]. They use special names:
- Jasper Sleet
- Coral Sleet (used to be called Storm-1877)
They're like teams of tricksters using computers to fake being workers.
How Do They Trick Companies?
Step 1: Creating a Fake Person
They use AI to make everything up:
- Fake names - The computer suggests names that sound real
- Fake photos - Computer-generated pictures that look like real people
- Fake resumes - Computer-written work history that looks perfect for the job
- Fake emails - Email addresses that match the fake name
It's like playing dress-up, but with computers instead of clothes.
Step 2: Tricking the Interview
When it's time for a video call, they use special tricks:
- Robot voices - Computers that change their voice to sound like someone else
- Chat helper - AI that helps them answer questions during the interview
- Maybe pre-recorded videos - Sometimes they just play a video instead of talking live
The company thinks they're talking to a real person. But they're actually talking to a trickster using computer tools.
Step 3: Getting Hired (and Stealing)
Once they're "hired":
- They get paid salary money (which goes to the bad people)
- They get access to company computers and secrets
- They steal important information
- They sell passwords or secrets to other bad people
They might do a little work—using AI to help them write computer code so they don't get caught. But the real goal is stealing, not working. [1]
Why Can't Companies Tell They're Fake?
Good question! Here's why regular background checks don't work:
- Background check passes - Fake people have no criminal history because they don't exist!
- References check - Fake references from computer-made people
- Skills test passes - AI helps them answer technical questions
- Looks normal on video - Computer voices and fake photos look real
It's like a really, really good costume.
Signs Someone Might Be Fake
Microsoft found some clues that can give away fake workers [1]:
Weird Things in Their Computer Code
- Using emojis as checkmarks inside code
- Writing comments that sound like they're explaining themselves too much
- Using way too many complicated words for simple things
- Code that's more complicated than it needs to be
Weird Things About Their "Life"
- Hardly any photos or posts on social media before a certain date
- The same face shows up with slightly different names
- Jobs or schools that are hard to check really exist
- Generic stories that could be about anyone
Weird Things When Working
- Working at strange hours
- Asking for access to things they don't really need
- Moving files around for no clear reason
- Doing very little real work
How Companies Can Stay Safe
Good companies are fighting back with new rules:
Better Checking
- Multiple video calls - Not just one interview, but lots of talking
- Real work tests - Watch them actually do work, not just answer questions
- Meeting in person - Sometimes you just have to see someone face-to-face
- Checking their whole internet life - Seeing if they exist in more than one place online
Watching for Weird Stuff
- Strange computer access - Looking at files they shouldn't need
- Weird hours - Working at 3am when nobody else is awake
- Moving data around - Sending files to places they shouldn't go
Being Extra Careful
- Not giving too much power - Only giving access to what they really need
- Checking on contractors too - Not just full-time workers, but anyone with access
- Using computers to watch computers - AI helpers that look for fake workers
What Does This Mean for Us?
This might sound scary, but here's the good news:
- Smart people are figuring this out - Companies like Microsoft are finding these tricks
- Better rules are being made - New ways to check if people are real
- Good AI is fighting bad AI - Using computer helpers to catch the tricksters
And for us regular people:
- Learn about internet safety - Knowing tricks helps you avoid them
- Build real relationships - Fake people can't do friendship or teamwork well
- Ask questions - If something seems weird, it's okay to ask why
FAQ for Curious Kids
They try! But the fake people are really good at tricking. It's like when someone wears a really good Halloween costume—you can't tell who's underneath until they take it off.
Yes! Microsoft found thousands of fake accounts and stopped them [1]. But the bad people keep trying new tricks.
Maybe. That's why companies are being extra careful now. It's like locking doors—not because you expect burglars, but because you want to be safe.
No, AI is just a tool. Think of it like a hammer. You can use a hammer to build a birdhouse OR break a window. AI can help bad people do bad things, but it also helps good people catch them!
TELL A GROWNUP. Don't try to figure it out yourself. If someone online seems weird or too good to be true, that's a grownup problem to solve.
Remember
The internet has good people and bad people, just like the real world. The difference is:
- Real world - You can see people's faces
- Online world - People can hide who they really are
That's why we need to be extra careful and use smart rules to stay safe.
Want to learn more about staying safe online? Ask your parents or teachers about internet safety, or check out resources from CISA—they're the experts on keeping computers safe!
Sources
Microsoft Security Blog. "AI as tradecraft: How threat actors operationalize AI." https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/
Microsoft Security Blog. "Jasper Sleet: North Korean remote IT workers' evolving tactics to infiltrate organizations." https://www.microsoft.com/security/blog/2025/06/30/jasper-sleet-north-korean-remote-it-workers-evolving-tactics-to-infiltrate-organizations/
CISA. "Cybersecurity for Kids." https://www.cisa.gov/news-events/news/cisa-launches-cybersecurity-awareness-month-kids
FBI. "North Korean IT Workers Warning." https://www.fbi.gov/ic3/alertr/north-korean