# Four digital supply chain risks

By [Doug Lane](https://paragraph.com/@axalane) · 2022-03-30

---

Yesterday, I shared a few reasons why [digital supply chain security](https://mirror.xyz/axalane.eth/-nuGX7etY9izRVfwAMAoWg0WokjJ_OMMD1Gw3VpfNpE) should be top of mind for security leaders and vendors that support them.

In addition to the challenge of extending security across company boundaries, supply chain security is complicated by the fact that it comes in many different flavors.

I can think of at least four:

**1\. Software vulnerabilities:** Does third-party software I use to build my products or run my business have vulnerabilities? (Think SolarWinds and Log4Shell.)

**2\. Hardware vulnerabilities:** Does my product include third-party hardware that has hidden vulnerabilities? (Think Spectre and Meltdown.)

**3\. Platform provider compromises:** If one of my cloud or SaaS providers is breached, will my sensitive data be compromised? (Think [Okta today](https://www.wsj.com/articles/okta-investigates-reports-of-a-digital-breach-11647931174) and [HubSpot a few days ago](https://www.securityweek.com/cryptocurrency-services-hit-data-breach-crm-company-hubspot).)

**4\. Partner infrastructure compromises:** If a supply chain partner is breached, will it provide a possible entry point into my infrastructure? (Think of the [infamous Target breach](https://www.zdnet.com/article/anatomy-of-the-target-data-breach-missed-opportunities-and-lessons-learned/) that originated with a small HVAC vendor.)

In short, digital supply chain security is a complex problem that nearly all security buyers now face. And there's lots of evidence that it can't be ignored.

\-Doug

---

*Originally published on [Doug Lane](https://paragraph.com/@axalane/four-digital-supply-chain-risks)*
