Software developers are not willing or able to sacrifice velocity by limiting the use of third-party code, or by thoroughly reviewing it before use. What’s needed is a way of living with this reliance on unreviewed third-party code. Software producers must adopt processes that not only ensure delivered software is safe and free of backdoors, but also provide evidence of this to customers. Software consumers, including developers, need to demand this evidence and make it part of their buying processes.