How to Protect the Software Supply Chain from Vulnerable Third-Party Code
What happens when you don’t protect the software supply chain from vulnerable third-party code? You know…the software, scripts, and code snippets that your business uses on your website or network?
The compromise could be unintentional—perhaps the coders simply made a mistake. Or the compromise could be intentional—maybe hackers wrote a malicious script and promoted it as legitimate on a third-party library source to encourage users to download and install.
Either way, your business has a problem, because you now have code embedded in your systems that could be incredibly dangerous to your company and customers.
When hackers implant malicious software on third-party sources or when they take advantage of vulnerabilities in existing third-party code, this type of scenario is known as a software supply chain attack. (Two recent examples of software supply chain attacks include Kaseya and SolarWinds.) And while supply chain attacks are
