Rethinking Software Supply Chain Security
bankinfosecurity. Cyfinoid's Shrivastava Calls for Greater Visibility Over Software Security Risks. Tom Field (Security Editor) • August 15, 2025

Software supply chain security is all too often viewed through a narrow lens, focused mostly on code dependencies and SBOMs. But the devil remains in the details and can emerge from overlooked areas such as developer tools, browser extensions and cloud infrastructures, all of which play a role in how software is built, deployed and, in some cases, dismantled.
Yet most organizations lack overall visibility into these areas, said Anant Shrivastava, founder and chief researcher at Cyfinoid. While SBOMs provide a clear starting point, they can fail to account for deeper, interconnected systems or third-party services that are part of a company's software lifecycle.
"SBOM is not a security solution. SBOM is an inventory. As an inventory, how ...
Copyright of this story solely belongs to bankinfosecurity.