Version française: 🇫🇷
Regulatory frameworks of some countries may require companies operating in their territory to use specific software. While their integration does not usually present any technical concern, such software can be used by adversaries as an entry point to a computer network. The revelation in June 2020 of backdoor-like functionalities in certain versions of software required by Chinese regulations, as well as the NotPetya supply chain attack in 2017, illustrate the security issues posed by the integration of untrusted software.
To limit the impact of such security issues, several recommendations should be followed to contain this type of software in an isolated and dedicated area. These recommendations are available at the end of the report.