Three Things the SolarWinds Supply Chain Attack Can Teach Us

Eric Byres on lessons learned from the SolarWinds Supply Chain Attack: limitations and advantages of SBOMs, digital signing, and network monitoring
Source: blog.adolus.com
The author of this article, Eric Byres, is a well-known cybersec expert in ICS communities. His new Company, adolus, is working to help companies identify risks in software supply chains. Other companies are also working on software supply chain risk assessment solutions, e.g. Fortress and my Company, Reliable Energy Analytics LLC. Solutions for software supply chain risk assessments are really just in their infancy; however, their valuable role in helping companies identify and prevent harmful software from being installed is becoming an imperative. There is much room for improvement with these software risk assessment tools; however, the solutions available today are effective at identifying known culprits and notifying Companies of the inherent risk they face if they decide to install a "Risky" software package. It's surprising to me that more Companies are not using software supply chain risk assessment solutions to protect themselves from harm - maybe the SolarWinds incursion will serve as a catalyst for greater adoption for these solutions. Here are some key takeaways from Eric's article that I find insightful, pragmatic and prudent:
