The security concerns were discovered by JSOF, which named the collective vulnerabilities for how one company's code became embedded into numerous products.
Ripple20 is a set of 19 vulnerabilities discovered in 2020 in a software library developed by the Cincinnati-based[1] company Treck Inc., which implemented a TCP/IP stack.
[1] Treck had also worked with Elmic Systems, which created a fork of the library when the companies ended their collaboration.
Further analysis determined that the code originated from Treck's library, which had been widely implemented by numerous manufacturers.
[6][7][8][9] Ripple20 was chosen as the name for the set of vulnerabilities based on the disclosure year and the idea that the problems "rippled" through the supply chain from one company.