NIST refreshes software supply chain risk management guidance


Attackers are increasingly targeting digital supply chains because they can poison or exploit holes in widely used components to compromise many devices, applications, or organisations, with the 2020 SolarWinds assault being the most damaging example to date.

Software risk mitigation begins with a thorough understanding of how managed and unmanaged software is used in an organisation, and then proceeds to mitigate those risks gradually, not just at the vendor level but with each new software version and modification.