Articles about Supply chain

A new report finds that nearly three quarters (73 percent) of UK businesses expect geopolitical risk to intensify over the next 12 months, with 62 percent saying their supply chains can’t deal with the shifting geopolitical sands.

The study from Ivalua, based on a survey of 300 supply chain and procurement decision-makers in the UK, shows the war in Ukraine has negatively impacted confidence in their organization’s supply chain the most (77 percent). This is followed by US tariffs (75 percent), military exercises and testing disrupting major shipping straits (73 percent), tensions between China and Taiwan (62 percent), and the war in Gaza (58 percent).

Continue reading →

Electronic data interchange (EDI) is the lifeblood of modern business, but even a small error -- be it a connection failure, data quality issue, transformation failure, or data transmission issue for example -- can rapidly cascade, generating hundreds or even thousands of issues.

This can become a domino effect tipping over into longer root cause identification, inefficiency in managing a raft of open tickets, and a prolonged time to resolution. These factors can increase operational risk, leading to downstream supply chain issues that can jeopardize valuable business relationships.

Continue reading →

While banks and financial institutions generally have strong defenses, third-party vendors often lack the same levels of security, something that can offer providing attackers indirect access to the institutions they serve.

A new report from Black Kite examines the shifting landscape of cyber threats in the financial sector, highlighting the critical importance of understanding and mitigating the hidden dangers within the vendor ecosystem.

Continue reading →

Supply chain security company Sonatype has released the Q2 2025 edition of its Open Source Malware Index, uncovering 16,279 malicious open source packages across major ecosystem.

This brings the total number of open-source malware packages Sonatype has discovered to 845,204. Compared to the end of the same quarter last year, the total volume of malware logged by Sonatype has surged 188 percent, underscoring the growing sophistication and scale of attacks aimed at developers, software teams, and CI/CD pipelines.

Continue reading →

New research finds that 32 percent of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations. 68 percent are more realistic, noting they feel uncertain about achieving this near-impossible outcome.

The study from Lineaje, carried out among RSA attendees, also shows that while software bill of material (SBOM) regulations and guidelines continue to increase, organizations vary in their level of adoption.

Continue reading →

Security of the enterprise software supply chain isn't solved with buzz or branding. It is solved with trust, scale, and seamless integration into real developer workflows.

To meet everyday software supply chain challenges Docker is launching Docker Hardened Images (DHI), a curated catalog of security-hardened, enterprise-grade container images.

Continue reading →

A new survey of 200 chief information security officers (CISOs) from across diverse industries and regions finds that 49 percent of CISOs say buyers now factor application security (AppSec) into their purchasing decisions.

The study from Checkmarx shows 24 percent say that application security is 'always' a factor in those decisions. This trend is most pronounced in Europe, where 58 percent of respondents report that security is always a factor, compared to 33 percent in the Asia Pacific region and only eight percent in North America.

Continue reading →

As organizations increasingly rely on third-party vendors, open-source components, and cloud services to bolster efficiency and scalability, they also open themselves to risks.

Historically they've relied on CVSS scores to measure the severity of risks, but a new report from Black Kite suggests that this method alone is not enough.

Continue reading →

Managing and securing the software supply chain end-to-end is vital for delivering trusted software releases.

But a new report from JFrog finds emerging software security threats, evolving DevOps risks and best practices, and potentially explosive security concerns in the AI era.

Continue reading →

A new study finds 83 percent of executives now rank supply chain resilience as being as critical as cybersecurity, and many are turning to technology to strengthen their operations.

The research from Cleo shows that to bolster resilience, 47 percent are considering artificial intelligence (AI), recognizing its potential to automate processes, predict disruptions, and enhance decision-making.

Continue reading →

Trust management platform Vanta has announced a series of new features and capabilities to help security and GRC teams seamlessly collaborate across their organization and extended network.

With 65 percent of businesses reporting that customers, investors and suppliers increasingly require proof of compliance, maintaining a strong security posture is essential for growth and unlocking new market entry. Vanta's new features simplify delegation, improve contextual communication and ensure accountability, allowing businesses to use their network of employees, vendors, auditors and customers to maintain continuous compliance.

Continue reading →

In recent years generative AI has made its way into many areas of business, helping to transform and streamline processes. However, its potential in the procurement space remains relatively unexplored.

We talked to Kevin Frechette, CEO of Fairmarkit, to find out how enterprises can exploit GenAI to gain agility, efficiency, and smarter decision-making in their sourcing decisions.

Continue reading →

Increased use of open source and third-party code leaves organizations open to more attacks on the software supply chain.

Open source vulnerabilities have become a prime target for attackers and organizations need to strengthen their defenses. We spoke to Richard Clark, senior solutions architect at JFrog, to discuss the importance of proactive measures in protecting against these threats.

Continue reading →

As we head further into 2025, organizations must focus on bolstering operational resilience and addressing third-party risks, driven not only by commercial imperatives but also by new regulatory mandates. With the enactment of regulations such as NIS2 in late 2024 and DORA early this year, supply chain risk management is now a strategic necessity.

This means that third-party cyber risk management must become a strategic priority. However, according to BlueVoyant’s fifth annual Supply Chain Defence report, which examines fast-evolving supply ecosystems, many organizations don’t appear to be prioritizing supply chain cyber risk management, or are unaware of cyber security gaps in their supply chains.

Continue reading →

The CrowdStrike outage of July 2024 has triggered a major rethink of tech supply chains, as businesses around the world look to build IT resilience and minimize risk.

New research from Adaptavist shows that in the wake of the incident, which affected 8.5 million devices worldwide, there's a decisive shift in vendor relationships and a loss of confidence in traditional single-vendor approaches, with only 16.25 percent of respondents expressing satisfaction with their current providers.

Continue reading →