Security News > 2022 > November > You can up software supply chain security by implementing these measures

Recent cyberthreats have highlighted security gaps in the software supply chain, and enterprises must take a closer look at their third-party due diligence processes to ensure trust and security.

In a recent survey conducted by the Neustar International Security Council, 76% of security and information technology professionals worldwide cited software supply chain risk as a top security priority, and fully 77% attributed the increased rigor of due diligence processes they have in place for external managed service providers to the Log4j vulnerability and other prominent attacks against software and service providers.

The nature of Log4j - a ubiquitous open-source library often buried so deep in a stack that some organizations don't even know they use it - illustrates how enterprises are challenged to identify and address every security gap or weakness.

A good starting point for upping your software supply chain security is a comprehensive audit.

Ultimately, supply chain partners should be accountable for maintaining security standards that are as rigorous as those adhered to by the enterprise itself.

Security experts have long preached the need for a multi-layered approach to security that encompasses the basics - having a thorough, planned approach for implementing software patch updates and fixes, carrying out frequent vulnerability and penetration testing, and ensuring regular updates to data backup systems are made - and incorporates best practices for security hygiene in key areas like DNS management and security, DDoS defense, and managing application vulnerability exposure including having a WAF in place.

News URL

https://www.helpnetsecurity.com/2022/11/01/supply-chain-security-gaps/