After the SolarWinds breach unfolded, the prevailing attitude was one of “we need to talk” about the security of our software supply chains.
It’s remained a consistent discussion topic in the years since. The problem is, we’ve kept talking about it, and talking about it, but too many organisations seem to have placed it into a ‘too-hard basket’ and deferred meaningful action.
And so two years later, the same threat still exists, and is largely unaddressed.