Cyber Security

How are you managing third-party risk with so many recent supply chain vulnerabilities?

RA Asked by Rachel Green · 12-05-2025
0 upvotes 10,366 views 0 comments
The question

It feels like every week a new software library or vendor is compromised. How do you keep up with these Cybersecurity Trends without spending all day reading CVE reports? Is there a better way to vet our vendors beyond just sending them a security questionnaire?

3 answers

0
HE
Answered on 21-11-2025

Questionnaires are honestly becoming useless because everyone just "checks the boxes." We’ve started asking for SOC 2 Type II reports and looking at their actual uptime and incident history. For our software stack, we use an SBOM (Software Bill of Materials) tool that automatically alerts us if one of our vendors is using a library with a known vulnerability. It automates the "reading CVE reports" part of the job. It’s impossible to be 100% secure, but knowing exactly what is inside the software you're running is the first step toward managing that risk effectively.

0
SC
Answered on 30-11-2025

Which SBOM tools are you using that don't cost an arm and a leg for a smaller dev team?

HE 02-12-2025

There are some great open-source options like CycloneDX. It takes a bit of setup in your CI/CD pipeline, but once it's running, it gives you a very clear map of your dependencies without the enterprise price tag.

0
LA
Answered on 05-12-2025

We prioritize vendors who offer "Security by Design" and are transparent about their patch cycles. Transparency is worth more than a 20-page questionnaire.

RA 10-12-2025

Absolutely. A vendor that admits to a flaw and patches it quickly is much more trustworthy than one that claims to be "impenetrable" but hides their logs.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session