Back to glossary

Supply Chain Security

The process of securing the entire lifecycle of a product, from raw materials and components to manufacturing, distribution, and software dependencies.

Categorysecurity

Overview

Supply chain security has become a top priority following high-profile attacks like SolarWinds and Log4j. It involves ensuring that every element that goes into a product or service is trusted and has not been tampered with.

Key Components

  • Software Supply Chain: Securing third-party libraries, build pipelines, and distribution channels.
  • Hardware Supply Chain: Ensuring the integrity of physical components and preventing the insertion of 'hardware backdoors.'
  • Vendor Risk Management: Auditing the security practices of suppliers and partners.
  • Software Bill of Materials (SBOM): Maintaining a transparent list of all software components.

Importance

Attackers target the supply chain because a single compromise can provide access to thousands of downstream customers.

Related Terms

Software Bill of Materials (SBOM)Software Composition Analysis (SCA)Firmware Security