Chief Product Officer at GrammaTech, where he leads product strategy for the company’s application security testing product portfolio.
Just as the manufacturing sector has adopted the use of third-party providers to build its products, software development has created an extensive supply chain to address cost and time-to-market pressures for faster delivery of new applications and services. Virtually every modern custom-developed software application contains third-party components. These can be open source software (OSS), custom-ordered, or commercial off-the-shelf (COTS) components. Lack of visibility into these building blocks poses a significant, and often underestimated, security risk.
Consider the supply chain analogy in aerospace manufacturing. Today, virtually every part of an airplane is provided by third-party suppliers to the manufacturer for final assembly. Unlike software, each airplane has a detailed bill of materials that contains an audit trail for each component, including the supplier, where it was produced,