The software supply chain is a vast, global landscape made up of a complicated web of interconnected software producers and consumers. As such, it comes with numerous risks and vulnerabilities that affect all software–including those from third parties and outside vendors. These risks include everything from code vulnerabilities and open-source code repositories to hijacked software updates, insecure connected devices, overprivileged access to resources across the supply chain, and more.
However, many software supply chain vulnerabilities occur because most software is not written from scratch. Instead, developers often rely on open-source code to scale software production. As many as 96% of applications contain at least one open-source component, and 78% of businesses report using open-source software as part of their network. And while this trend is integral in advancing business productivity, it also highlights the importance of creating a secure software supply chain.
