Matt Middleton-Leal, Managing Director EMEA at Qualys, discusses the importance of software supply chain security.
Every day, you will see headlines around IT security issues affecting companies and public sector bodies. These organisations will be affected by attacks that could involve everything from data theft or sensitive information being leaked through to full blown ransomware deployments and interruptions to service. One of the biggest routes for these attacks over the past few years has been the software supply chain – if an attacker can jeopardise one software component, then they can attack multiple companies through that hole.
Applications are now more complex too. They have more moving parts, from open source software projects and internally developed software code through to third party applications that are embedded into services. They can expand and scale up to meet demands, created on-demand using infrastructure as Code or in Kubernetes containers. And they can be created using public software hosted on services like GitHub or the Python Package Index.
As a result, many security teams are not able to track those software assets effectively. To solve this, we…
