5 Key Questions When Evaluating Software Supply Chain Security
Knowing what to ask a potential supplier can minimize risks associated with third-party software vulnerabilities and breaches.
Jai Vijayan
Software supply chain compromises like the ones SolarWinds disclosed last December and Kaseya in July have become a growing threat. Indeed, cybercriminals appear to have glommed onto the breach-once, infect-many attack model and are ramping up attempts to break into software companies.
The trend has raised so much concern that US President Joe Biden made software supply chain security a key priority in a cybersecurity executive order he signed in May. The order requires all civilian federal agencies to take measures to evaluate and verify the security practices of their suppliers. It also mandates the development of new guidance that will eventually require software developers to maintain secure development environments, implement strong controls for accessing their network, u