SCSW On a scale of 1 to 10, 10 being the highest risk, Snap Chief Information Security Officer Jim Higgins rates software supply chain risk "about 9.9".
Ten, for the record, is "always security hygiene," he told The Register. It seems we're a long way from avoiding the next SolarWinds-style scenario.
Not only is the supply chain at high risk, but it's a tough security problem to fix because a single product can have tens of thousands of software dependencies.
"It's a physics problem," Higgins said, in that software packages are dependent on so many other third-party and open-source software libraries. And it only takes a bug in one of these to make your organization the next cautionary tale.
The most important thing his fellow CISOs can do to improve supply chain security is to know what software their organization uses and understand the dependencies across the supply chain, according to Higgins. He recommends adding a full inventory of libraries in use as a starting point for fixing the problem, so security staff know exactly what to check.
"Knowing your inventory is absolutely No. 1," he said. "It's 50 percent of the problem. If you can understand where everything is and a CVE hits, then at least you know immediately what you need to do and where."
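As an added illustration (not Snap's tooling and not code from the article), here is the lookup that an inventory makes possible: given which service ships which library version, which deployments fall inside the version range an advisory names? The service names, library names, versions and the advisory itself are all constructed.

```python
"""Minimal dependency-inventory lookup. Added example; all data is constructed.

Answers the question Higgins describes: an advisory lands, and the inventory
tells you immediately what to do and where.
"""
from dataclasses import dataclass

def parse_version(v: str) -> tuple[int, ...]:
    """Turn '1.4.10' into (1, 4, 10) so versions compare numerically.
    Plain string comparison would wrongly rank '1.4.10' below '1.4.2'."""
    return tuple(int(p) for p in v.split("."))

@dataclass(frozen=True)
class Component:
    service: str   # deployable that bundles the library
    name: str      # library name as it appears in the lockfile / SBOM
    version: str

# Constructed inventory: what a lockfile/SBOM sweep across three services might yield.
INVENTORY = [
    Component("api-gateway", "libfoo", "1.4.2"),
    Component("api-gateway", "jsonparse", "2.0.9"),
    Component("media-worker", "libfoo", "1.4.10"),
    Component("media-worker", "imgcodec", "0.9.1"),
    Component("billing", "libfoo", "1.5.0"),
    Component("billing", "jsonparse", "2.1.0"),
]

# Constructed advisory with a placeholder id; affected range is [introduced, fixed).
ADVISORY = {"id": "CVE-YYYY-NNNN", "package": "libfoo",
            "introduced": "1.4.0", "fixed": "1.4.11"}

def is_affected(component: Component, advisory: dict) -> bool:
    """True when the shipped version lies in [introduced, fixed) for the named package."""
    if component.name != advisory["package"]:
        return False
    v = parse_version(component.version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])

def affected_services(inventory: list[Component], advisory: dict) -> dict[str, str]:
    """Map each affected service to the vulnerable version it ships: the 'what and where'."""
    return {c.service: c.version for c in inventory if is_affected(c, advisory)}

if __name__ == "__main__":
    for svc, ver in sorted(affected_services(INVENTORY, ADVISORY).items()):
        print(f"{ADVISORY['id']}: {svc} ships {ADVISORY['package']} {ver}, "
              f"upgrade to {ADVISORY['fixed']}")
```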
Oh, and also, remember to patch. ®