This post was originally published on IT Pro Today
In December 2020, SolarWinds suffered a breach that went undetected for months. Hackers infiltrated the company’s IT monitoring platform and gained access to sensitive customer data. While it wasn’t the first time that hackers had exploited weaknesses in third-party software, the SolarWinds breach drew significant attention due to the company’s size and scope.
Yet it wasn’t until the Log4J vulnerability in 2021 that companies, software vendors, and regulatory authorities began to take decisive action around third-party software risks. The Log4J vulnerability, which was discovered in the widely used Apache Log4J library, affected major tech vendors like AWS, Adobe, Cisco, Broadcom, Fortinet, Okta, VMware, FortiGuard, and IBM.
In the following year, attacks that exploited software vulnerabilities became increasingly prevalent. For example, one attack inserted malware into JavaScript npm packages used by Azure developers. In another high-profile attack, leaked source code from Toyota exposed the personal details of nearly 300,000 customers.
As companies rely more heavily on dozens, hundreds, or even thousands of applications to run their businesses, third-party software vulnerabilities have become a top concern. A recent SecurityScorecard report revealed that third-party vendors are five times more likely to have poor
— Read the rest of this post, which was originally published on IT Pro Today.
