Blindly Trusting Software Dependencies is the Opposite of Zero Trust
Trust should be earned, yet too often we place our trust blindly. Software is one such example. Attacks like SolarWinds and the vulnerability discovered in the Log4j open source library should serve as a wake-up call for developers that the software supply chain is vulnerable. There are too many players in the open source supply chain, which has become increasingly interconnected and complex, and attackers are scarily good at finding openings in the nooks and crannies. Zero trust says no more.