EBN – Joe Jarzombek – Software Supply Chain Risk Management: Enabling Resilience in National Critical Infrastructure


Growing concerns related to dependencies on software-reliant information communications technology (ICT) and Internet of Things (IoT) devices are pushing changes in governance associated with supply chain risk management (SCRM). The possibility of disruption of critical infrastructure exists because the software that enables these capabilities is vulnerable and exploitable.

Exploit potential is often more a matter of how vulnerable the assets in the target organization are than of the ingenuity of the attackers. Several breach reports show that the initial attack vectors lie in software. Consequently, organizations expanding their use of network-connectable devices need comprehensive software security initiatives to address weaknesses that result both from technological vulnerabilities and from a lack of “cyber hygiene” (lack of due caution) among those who develop and use software applications and software-reliant IoT devices.

Exploitable weaknesses, known vulnerabilities, and even malware can be embedded in software without malicious intent. Indeed, sloppy manufacturing hygiene is more often the cause of exploitable software. Such poor hygiene can be attributed to the lack of due care exercised…
