From software developers, security leaders, users and more, many people have a hand in the cybersecurity of software supply chains. “Software supply chains are complicated,” said Tony Sager, Senior Vice President and Chief Evangelist at the Center for Internet Security.
The good news about software supply chains is that they promote efficiency and organizational scaling, according to Sager. “The bad news is that if there’s a problem, it permeates across a really wide range without even trying. That can cover flaws, inadvertent mistakes, or use of software in unexpected ways, all the way out to and including someone who’s maliciously trying to introduce something into your supply chain.”