Glossary
Software Supply Chain
What Is the Software Supply Chain?
The software supply chain is the full set of people, processes, code, tools, and dependencies that contribute to producing and delivering a piece of software — including open-source components, proprietary code, build systems, third-party libraries, infrastructure, and the maintainers behind each link.
Modern software is assembled, not written. Up to 80% of the code inside a typical vendor product is open-source software the vendor did not write — maintained by individuals and organizations who don't work for the vendor, and certainly don't work for the buyer who eventually deploys it.
That arrangement runs on trust and good faith. Most open-source maintainers are not compensated for their work, and they cannot reasonably keep up with the volume of vulnerabilities — introduced accidentally or maliciously — that find their way into the code they maintain. Every link in that chain is a potential point of compromise, which is why software supply chain security has become one of the most consequential disciplines in cybersecurity.
Related Terms
Software Supply Chain Security · Software Supply Chain Attack · Open Source Software · Software Bill of Materials · Software Provenance