If you didn’t know what a software supply chain was – let alone a software supply chain attack – you do now. As someone who’s been researching, studying and talking about this attack vector for the past seven years, the malicious attack on SolarWinds’ Orion leading to public and private sector breaches has been fascinating – but not unheard of. Yet industry attention switched swiftly to this attack vector as the latest “what happened” story and “how do we not end up like SolarWinds” curiosity.
*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Derek Weeks. Read the original post at: https://blog.sonatype.com/software-supply-chain-attacks-solarwind-how-developers-fortify-apps
