It seems like just yesterday that the mad scramble following the SolarWinds compromise elevated supply chain security to the forefront of every entity, regardless of sector. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), formed the Information and communications technology (ICT) Supply Chain Risk Management task force in an effort to unite public and private entities with the goal of developing an actionable strategy to enhance supply chain security.
From the CISO perspective, a recent industry report from Coalfire on Software Supply Chain Risk hit the nail on the head: “Managing risk within software supply chains and product development lifecycles has become as important as protecting traditional, physical inventories and equipment supply lines.” Their survey, conducted with CyberRisk Alliance, highlighted how 52% of managers are concerned about software exposed to attack.