Articles about Supply chain

Tech investment is needed to fight geopolitical risk to supply chains

A new report finds that nearly three quarters (73 percent) of UK businesses expect geopolitical risk to intensify over the next 12 months, with 62 percent saying their supply chains can’t deal with the shifting geopolitical sands.

The study from Ivalua, based on a survey of 300 supply chain and procurement decision-makers in the UK, shows the war in Ukraine has negatively impacted confidence in their organization’s supply chain the most (77 percent). This is followed by US tariffs (75 percent), military exercises and testing disrupting major shipping straits (73 percent), tensions between China and Taiwan (62 percent), and the war in Gaza (58 percent).

New AI approach aims to cut disruption from data interchange errors

Electronic data interchange (EDI) is the lifeblood of modern business, but even a small error -- be it a connection failure, data quality issue, transformation failure, or data transmission issue for example -- can rapidly cascade, generating hundreds or even thousands of issues.

This can become a domino effect tipping over into longer root cause identification, inefficiency in managing a raft of open tickets, and a prolonged time to resolution. These factors can increase operational risk, leading to downstream supply chain issues that can jeopardize valuable business relationships.

Supply chain issues pose major risks to financial organizations

While banks and financial institutions generally have strong defenses, third-party vendors often lack the same levels of security, something that can offer attackers indirect access to the institutions they serve.

A new report from Black Kite examines the shifting landscape of cyber threats in the financial sector, highlighting the critical importance of understanding and mitigating the hidden dangers within the vendor ecosystem.

Open-source malware targets data exfiltration

Supply chain security company Sonatype has released the Q2 2025 edition of its Open Source Malware Index, uncovering 16,279 malicious open source packages across major ecosystems.

This brings the total number of open-source malware packages Sonatype has discovered to 845,204. Compared to the end of the same quarter last year, the total volume of malware logged by Sonatype has surged 188 percent, underscoring the growing sophistication and scale of attacks aimed at developers, software teams, and CI/CD pipelines.

Confidence in software supply chain security at odds with actual readiness

New research finds that 32 percent of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations. 68 percent are more realistic, noting they feel uncertain about achieving this near-impossible outcome.

The study from Lineaje, carried out among RSA attendees, also shows that while software bill of materials (SBOM) regulations and guidelines continue to increase, organizations vary in their level of adoption.

Docker introduces Hardened Images to boost supply chain security

Security of the enterprise software supply chain isn't solved with buzz or branding. It is solved with trust, scale, and seamless integration into real developer workflows.

To meet everyday software supply chain challenges Docker is launching Docker Hardened Images (DHI), a curated catalog of security-hardened, enterprise-grade container images.

AppSec is critical to software purchasing decisions

A new survey of 200 chief information security officers (CISOs) from across diverse industries and regions finds that 49 percent of CISOs say buyers now factor application security (AppSec) into their purchasing decisions.

The study from Checkmarx shows 24 percent say that application security is 'always' a factor in those decisions. This trend is most pronounced in Europe, where 58 percent of respondents report that security is always a factor, compared to 33 percent in the Asia Pacific region and only eight percent in North America.

Traditional vulnerability assessment falls short on third-party risks

As organizations increasingly rely on third-party vendors, open-source components, and cloud services to bolster efficiency and scalability, they also open themselves to risks.

Historically they've relied on CVSS scores to measure the severity of risks, but a new report from Black Kite suggests that this method alone is not enough.

Software supply chain threats increase in the AI era

Managing and securing the software supply chain end-to-end is vital for delivering trusted software releases.

But a new report from JFrog finds emerging software security threats, evolving DevOps risks and best practices, and potentially explosive security concerns in the AI era.

Supply chain resilience rated as highly as cybersecurity

A new study finds 83 percent of executives now rank supply chain resilience as being as critical as cybersecurity, and many are turning to technology to strengthen their operations.

The research from Cleo shows that to bolster resilience, 47 percent are considering artificial intelligence (AI), recognizing its potential to automate processes, predict disruptions, and enhance decision-making.

Vanta launches new features to boost compliance and trust

Trust management platform Vanta has announced a series of new features and capabilities to help security and GRC teams seamlessly collaborate across their organization and extended network.

With 65 percent of businesses reporting that customers, investors and suppliers increasingly require proof of compliance, maintaining a strong security posture is essential for growth and unlocking new market entry. Vanta's new features simplify delegation, improve contextual communication and ensure accountability, allowing businesses to use their network of employees, vendors, auditors and customers to maintain continuous compliance.

How GenAI is set to change procurement [Q&A]

In recent years generative AI has made its way into many areas of business, helping to transform and streamline processes. However, its potential in the procurement space remains relatively unexplored.

We talked to Kevin Frechette, CEO of Fairmarkit, to find out how enterprises can exploit GenAI to gain agility, efficiency, and smarter decision-making in their sourcing decisions.

Software supply chain attacks and how to deal with them [Q&A]

Increased use of open source and third-party code leaves organizations open to more attacks on the software supply chain.

Open source vulnerabilities have become a prime target for attackers and organizations need to strengthen their defenses. We spoke to Richard Clark, senior solutions architect at JFrog, to discuss the importance of proactive measures in protecting against these threats.

Is a lack of supply chain visibility undermining board-level confidence in cyber security programs?

As we head further into 2025, organizations must focus on bolstering operational resilience and addressing third-party risks, driven not only by commercial imperatives but also by new regulatory mandates. With the enactment of regulations such as NIS2 in late 2024 and DORA early this year, supply chain risk management is now a strategic necessity.

This means that third-party cyber risk management must become a strategic priority. However, according to BlueVoyant’s fifth annual Supply Chain Defence report, which examines fast-evolving supply ecosystems, many organizations don’t appear to be prioritizing supply chain cyber risk management, or are unaware of cyber security gaps in their supply chains.

CrowdStrike outage prompts businesses to overhaul supply chains

The CrowdStrike outage of July 2024 has triggered a major rethink of tech supply chains, as businesses around the world look to build IT resilience and minimize risk.

New research from Adaptavist shows that in the wake of the incident, which affected 8.5 million devices worldwide, there's a decisive shift in vendor relationships and a loss of confidence in traditional single-vendor approaches, with only 16.25 percent of respondents expressing satisfaction with their current providers.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

© 1998-2025 BetaNews, Inc. All Rights Reserved.