The security of the software supply chain is rapidly becoming a paramount concern for organizations — and for good reason. With the increasing number of published Common Vulnerabilities and Exposures (CVEs), developers face the challenge of delivering software faster than ever before. However, in their quest for speed, many dev and security teams have resorted to fragmented security solutions, inadvertently leaving critical gaps in coverage and compromising their competitive advantage.

Recently, Snyk hosted a wine tasting & customer discussion featuring David Imhoff, Product Security Leader at Kroger. The discussion focused on tackling the challenges of securing digital supply chains. Kroger is a retail giant with 2,700 stores and 400,000 employees. The organization faces unique challenges because it operates on such a massive scale, adding complexity to its software supply chain and security.

Did you know that nine out of 10 companies detected software supply chain risks in the past 12 months? The increase in the number of dependencies in a supply chain has extended the attack surface for adversaries. It has also caused threat actors to shift their focus from the downstream chain affecting just end users to the upstream chain affecting vendors, customers, and end users alike.

Software supply chain security is on the highest priorities list of an organization. It consists of every major and minor stakeholder, tool, application, and resource associated with a software development project. However, some organizations still need clarification about it or need to know how exactly they can maintain it and prevent attackers from exploiting the supply chain. But now, with this blog, everything will be cleared within minutes.

In my previous post, I began to list the ways you can strengthen your security posture, with some holistic approaches to application security and the software supply chain. In this second part of the series, let’s look at six more important considerations.