5 software vendors accounted for 24.1% of all the vulnerabilities in 2019 according to the RiskSense Vulnerability Weaponization Spotlight Report.
It’s not surprising that a few huge companies comprise almost 25% of the vulnerabilities identified so far in 2019. After all, uncountable software solutions incorporate their products and infrastructure. The problem, however, goes beyond the single company and affects the entire supply chain. Companies know which vendors they work with – but they don’t know which vendors their vendors work with. It might just be on one or more of these top five vendors. Any company truly concerned about information security and privacy should be assessing and managing the risk of their vendors’ security posture. What is new is the need to identify fourth parties – the vendors’ subcontractors. Automated solutions that discover fourth parties and accurately identify their entire digital asset base can be a tremendous help in truly understanding risk when loading or sharing sensitive data in any software system or web service. Without this kind of technology, companies are literally “flying blind” – they don’t know the infosec risk of their digital supply chain.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.