The more daily life becomes software dependent, the more urgent the need for organizations deploying software – including federal agencies – to ensure security in the software supply chain.

That supply chain has several main channels, principally open source components, custom-coded applications and commercial applications.

“There’s not necessarily clean delineation. Those can all kind of come together in one unit,” said Kelly White, the co-founder and CEO of RiskRecon, a Mastercard company.

The software supply chain security question has developed in stages, White said. His own cybersecurity experience dates to when the principal concern was safe code for custom applications. The Open Web Application Security Project (OWASP), established in the late 1990s, still guides people coding and deploying online applications. The widespread adoption of open source components came somewhat later.

Watch the full interview with Kelly White on the Federal News Network.