The hackers who infiltrated vendor SolarWinds’ network-performance monitoring software thoroughly compromised their target through the vendor’s software supply chain.
This attack brought worldwide visibility to issues surrounding the security of software supply chains. Organizations are now requiring their software vendors to fill out long questionnaires of little value in order to meet compliance requirements and show that they have taken reasonable steps to ensure that they haven’t suffered a similar compromise. Software vendors in turn are requiring their subcontractors to fill out such questionnaires, and this goes on down the chain.
In this presentation we will discuss the real risks and best practices in Supply Chain Risk Management, with a key focus on mainframe software.