In response to current events, many customers have reached out with questions about managing risk related to vulnerabilities in software, services, and hardware sourced from their vendors. This aspect of securing your infrastructure affects many, if not all, of the domains in cyber security—from legal and governance frameworks to advanced threat detection.
This white paper can serve as a reference to both frame potential risks and outline how Black Duck can help you achieve supply chain security through tools, testing, and/or professional services.
Individual needs will vary, and your actions should be tailored to your environment, risk profile, and the unique characteristics of your organization. Our overall recommendations for software consumers and producers are outlined in the paper.