As Marc Andreessen so aptly noted, “Software is eating the world”. Our
technology-driven world increasingly relies on third-party code, open source
libraries and shared repositories. We don’t fully appreciate just how
interconnected we are, and how that translates into software code dependencies.
It took an event like the SolarWinds Orion attack to rattle the bars on that
cage, and wake us up to what’s been going on for some time. The reality is that
software supply chain attacks aren’t new. They’ve been around for many years,
and we’ve been watching that check engine light but not really addressing the
issues. Recent attacks show how easy it is to create confusion and send
malicious code undetected through automated channels to trusting recipients.
SolarWinds delivered a hard truth to defenders: everyone is vulnerable when
trust can be abused. Where is the weakest link in your software supply chains