Hikvision SBOM White Paper

US 2022 March Securing Software Supply Chain SBOM White Paper


Securing the Software Supply Chain

In 2020, SolarWinds suffered a major breach in which attackers inserted malicious code into builds of its Orion platform, so that the company's own signed updates carried the backdoor to its customers. The trojanized updates were distributed between March and June 2020, and SolarWinds reported that up to 18,000 customers may have installed them, from Fortune 500 companies to U.S. government agencies. The incident revealed an uncomfortable truth: today's threat actors have become increasingly sophisticated at exploiting software supply chains to conduct attacks.

Whether the adversary is a criminal group or a state intelligence service, even organizations that follow cybersecurity best practices face mounting risk from the infiltration of their suppliers. The software supply chain is now considered a top attack vector: threat actors introduce malicious tools and programs into vendor products and services at every stage of the development cycle, including build and distribution, which means a victim can be compromised through a legitimately signed update it had every reason to trust. That presents a threat model that perimeter- and endpoint-focused defenses were never designed to address. A Software Bill of Materials, or SBOM, is now regarded by the cyber industry and by the U.S. federal government as a foundational element of the response to these attacks: an organization cannot assess its exposure to a compromised component if it does not know which components its software contains.