" Injection-based attacks have proven effective, yielding access to private data or possible control over a compromised machine. Software vendors are in a continual race to fix the holes that allow these attacks to succeed. But what if a hacker could inject malicious code when a program is actually compiled and created? Unfortunately, with the way that certain programs are now being built, applications have grown susceptible to what's known as cross-build injection."

" If, as part of the build process, developers automatically retrieve external dependencies, such as open source components, then an attacker has an opportunity to insert code into a target program by compromising its third-party components. "

Article Link: http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1284677,00.html