As tech world weighs options for software supply chain security, a call for urgency

Securing the software supply chain has become akin to eating better, exercising regularly and getting more rest. Everyone knows that it’s the right thing to do, but the execution often leaves much to be desired.

A number of industry leaders have stepped forward in recent weeks to add a note of urgency to the software supply chain issue. These include leaders in the private sector, academe, tech foundations and government. Their comments, as captured in a review of news sources and first-hand conversations with SiliconANGLE Media, echo a common theme: It’s time to take this threat seriously and do something about it.

“You really think about what is my weak link, what is my vulnerability?” Manoj Nair, general manager of Metallic, a Commvault venture, said during an interview with SiliconANGLE. “That vulnerability is now your software supply chain.”

The warning signs are hard to miss. The SolarWinds attack, which planted malicious code in software used by private and public sector organizations around the world, demonstrated the problems that can ensue when the supply chain is breached. More recently, the Apache Log4j vulnerability reported late last year…
