# Securing the digital supply chain

By [Doug Lane](https://paragraph.com/@axalane) · 2022-03-30

---

Let's kick off this week's run through [my top security topics](https://mirror.xyz/axalane.eth/rIC09qU4k1aR3xWmFd6uxc45n41FwvzkrkgKOH6Mh3I) with securing the digital supply chain.

**What does it actually mean?**

These days, nearly every technology product or service is built through collaboration across multiple companies. So securing them effectively requires tools and practices that extend across organizational boundaries. And guess what: this doesn't happen very much.

**Why is it interesting?**

1.  Two of the most catastrophic security incidents of the last several years, [SolarWinds](https://www.mandiant.com/resources/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor) and [Log4Shell](https://logging.apache.org/log4j/2.x/security.html), were supply chain attacks.
    
2.  Managing security across organizational silos within a single company is hard enough. Coordinating across companies takes the degree of difficulty much higher.
    
3.  We're already getting clobbered on software supply chain attacks alone. But as I'll dive deeper into tomorrow, this is just one of several possible supply chain attack vectors.
    

-Doug

---

*Originally published on [Doug Lane](https://paragraph.com/@axalane/securing-the-digital-supply-chain)*
