Supply chain security will remain at the front and center for many organizations, says Jack Mannino, CEO at nVisium. He adds, “In addition to traditional software security testing techniques, such as penetration testing and code reviews, a growing number of organizations may be interested in understanding how software behaves through malicious code reviews. These types of tests explore the probability that software contains embedded malware, through malicious code commits or by compromised third-party dependencies.”
CISA and NIST release new interagency resource: Defending against software supply chain attacks
