
Supply Chain Security

SBOMs, third-party risk, software attestation, and defending the software dependency ecosystem.

Critical examination of software supply chain attack vectors following SolarWinds, Log4j, and XZ Utils — covering software bill of materials (SBOM) generation and consumption, third-party vendor risk management, code signing and artifact integrity verification, dependency confusion attacks, compromise of build pipelines, and frameworks for establishing trust boundaries between your organization and the thousands of libraries and services you depend on.

Category brief

Signal: Supply Chain Assurance Unit
Reports: 1 report
Primary keyword: software supply chain security