# Four digital supply chain risks

**Published by:** [Doug Lane](https://paragraph.com/@axalane/)
**Published on:** 2022-03-30
**URL:** https://paragraph.com/@axalane/four-digital-supply-chain-risks

## Content

Yesterday, I shared a few reasons why digital supply chain security should be top of mind for security leaders and vendors that support them. In addition to the challenge of extending security across company boundaries, supply chain security is complicated by the fact that it comes in many different flavors. I can think of at least four: 1. Software vulnerabilities: Does third-party software I use to build my products or run my business have vulnerabilities? (Think SolarWinds and Log4Shell.) 2. Hardware vulnerabilities: Does my product include third-party hardware that has hidden vulnerabilities? (Think Spectre and Meltdown.) 3. Platform provider compromises: If one of my cloud or SaaS providers is breached, will my sensitive data be compromised? (Think Okta today and Hubspot a few days ago.) 4. Partner infrastructure compromises: If a supply chain partner is breached, will it provide a possible entry point into my infrastructure? (Think infamous Target breach that originated with a small HVAC vendor.) In short, digital supply chain security is a complex problem that nearly all security buyers now face. And there's lots of evidence that it can't be ignored. -Doug​

## Publication Information

- [Doug Lane](https://paragraph.com/@axalane/): Publication homepage
- [All Posts](https://paragraph.com/@axalane/): More posts from this publication
- [RSS Feed](https://api.paragraph.com/blogs/rss/@axalane): Subscribe to updates