While the SolarWinds attacks are now over a year old, other software supply chain attacks have since popped up, creating new challenges for cybersecurity departments attempting to seal holes caused by vulnerabilities in common open-source libraries. To help protect your company from these risks, Tony Hadfield, Solutions Architect Director at Venafi, offers a set of three key considerations in managing a software supply chain:
-
- Maintain visibility – keep track of all software inventory, and the open-source components used by them, including their development history, and how and where they’re used in the organization
- Keep it simple – don’t add or enable unnecessary features or functions, and keep things to essentials, to minimize the potential vulnerabilities
- Reduce the effort – if you can push functionality from an assortment of tools into a single robust external service, consider doing so, rather than having each tool manage that function independently
As the use of open source software libraries continues to grow, so will the risk of new vulnerabilities being discovered. So rather than wait until it’s too late to protect yourself, start looking into your software supply chain now.
Source:
https://www.helpnetsecurity.com/2022/05/16/cybersecurity-earthquake/
