{"id":9202,"date":"2023-02-27T12:32:00","date_gmt":"2023-02-27T17:32:00","guid":{"rendered":"https:\/\/www.carahsoft.com\/wordpress\/?p=9202"},"modified":"2024-12-09T14:13:40","modified_gmt":"2024-12-09T19:13:40","slug":"solarwinds-securing-the-supply-chain-blog-2023","status":"publish","type":"post","link":"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/","title":{"rendered":"How CISOs Can Come to Grips With a New Priority \u2013 Securing the Supply Chain"},"content":{"rendered":"\n<p>Software supply chain hacks are now the most prevalent form of cyberattack. According to the latest&nbsp;<a href=\"https:\/\/www.verizon.com\/about\/news\/ransomware-threat-rises-verizon-2022-data-breach-investigations-report\" target=\"_blank\" rel=\"noreferrer noopener\" data-track=\"SolarWinds - Securing Supply Chain Blog - 2023 - Top CTA\">Verizon Data Breach Investigations Report,<\/a>&nbsp;62% of system intrusion incidents came through a third-party, highlighting the difficulties that many organizations \u2013 including federal agencies \u2013 face in securing their supply chain. 
A recent flurry of legislative activity demands that CISOs step up their supply chain due diligence \u2013 and fast.<\/p>\n\n\n\n<p>Key among these directives and guidance is the&nbsp;<a href=\"https:\/\/www.nsa.gov\/About\/Cybersecurity-Collaboration-Center\/Cybersecurity-Partnerships\/ESF\/\" target=\"_blank\" rel=\"noreferrer noopener\" data-track=\"SolarWinds - Securing Supply Chain Blog - 2023 - ESF\">Enduring Security Framework (ESF).<\/a>&nbsp;Developed by NSA, ODNI, and CISA, and modeled on the&nbsp;<a href=\"https:\/\/csrc.nist.gov\/Projects\/ssdf\" target=\"_blank\" rel=\"noreferrer noopener\" data-track=\"SolarWinds - Securing Supply Chain Blog - 2023 - SSDF\">NIST Secure Software Development Framework (SSDF),<\/a>&nbsp;ESF aims to harmonize previously disparate Cyber Supply Chain Risk Management (C-SCRM) policies and procedures across the federal government. A key tenet of ESF \u2013 and also a requirement of a new White House Memo&nbsp;<a href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2022\/09\/M-22-18.pdf\" target=\"_blank\" rel=\"noreferrer noopener\" data-track=\"SolarWinds - Securing Supply Chain Blog - 2023 - Memo\">(M-22-18)<\/a>&nbsp;\u2013 is vendor self-attestation that software was developed in accordance with NIST standards.<\/p>\n\n\n\n<p>Yet, despite directives from the highest levels of government, questions remain:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Does every ESF recommendation and control have to be met by software vendors?<\/li>\n\n\n\n<li>Are some C-SCRM practices and standards a priority over others?<\/li>\n\n\n\n<li>Will OMB require point-in-time or continual attestation?<\/li>\n\n\n\n<li>When will the standardized self-attestation form be released?<\/li>\n<\/ul>\n\n\n\n<p>Until we have answers, one thing is clear \u2013 software supply chain security can\u2019t be solved by directives and guidelines alone. 
The reality is, a threat can only truly be mitigated through increased cooperation between the public and private sectors. As head of government affairs at SolarWinds, here\u2019s my take on how the agencies and industry can join forces to collaborate.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Cooperation Must Occur \u2013 CISO to CISO<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignright size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"625\" height=\"625\" src=\"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2024\/09\/SolarWinds-Securing-the-Supply-Chain-Community-Blog-02.jpg\" alt=\"SolarWinds Securing the Supply Chain Blog Embedded Image 2023\" class=\"wp-image-9381\" style=\"width:300px\" srcset=\"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2024\/09\/SolarWinds-Securing-the-Supply-Chain-Community-Blog-02.jpg 625w, https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2024\/09\/SolarWinds-Securing-the-Supply-Chain-Community-Blog-02-300x300.jpg 300w, https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2024\/09\/SolarWinds-Securing-the-Supply-Chain-Community-Blog-02-150x150.jpg 150w\" sizes=\"(max-width: 625px) 100vw, 625px\" \/><\/figure><\/div>\n\n\n<p>Typically, software purchases are one-time transactional exchanges. After all, the goal is to make procurement, installation, and deployment as quick and efficient as possible. In this model, relationships between the software vendor or supplier and the procuring agency aren\u2019t nurtured. It\u2019s an approach I believe needs to change.<\/p>\n\n\n\n<p>To protect our shared infrastructure from evolving threats, federal security leaders must build lasting and meaningful relationships with software vendors.<\/p>\n\n\n\n<p>Creating these partnerships is the future of C-SCRM in the federal government. 
Indeed, following the 2020 SUNBURST hack, we set out on a mission to lead the way to safer IT with our&nbsp;<a href=\"https:\/\/www.solarwinds.com\/secure-by-design-resources\" target=\"_blank\" rel=\"noreferrer noopener\" data-track=\"SolarWinds - Securing Supply Chain Blog - 2023 - Secure by Design\">Secure by Design<\/a>&nbsp;initiative. This effort included launching&nbsp;<a href=\"https:\/\/www.businesswire.com\/news\/home\/20220622005057\/en\/SolarWinds-Unveils-New-Software-Development-Process\" target=\"_blank\" rel=\"noreferrer noopener\" data-track=\"SolarWinds - Securing Supply Chain Blog - 2023 - Model\">a new model for secure software development<\/a>&nbsp;to strengthen the integrity of build environments.<\/p>\n\n\n\n<p>Crucially, we also committed to establishing new standards in information-sharing and public-private partnerships. Government security leaders should communicate frequently and continuously with their industry counterparts about enterprise software security, the development process, and adherence to ESF standards. When it comes to their vendors, federal CISOs must also have a dedicated person to call at any time \u2013 not just a toll-free number.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Screen Vendors in Seven Steps<\/h2>\n\n\n\n<p>Self-attestation may be mandated, but it won\u2019t fix everything. After all, most agencies lack the resources to evaluate every software vendor\u2019s self-declaration, opening the doors to abuse. The compliance framework may also seriously hinder the procurement process.<\/p>\n\n\n\n<p>Until OMB issues further guidance, agencies can screen their suppliers\u2019 security measures using a set of seven questions developed by our CISO, Tim Brown, and DHS CISO Ken Bible in the aftermath of SUNBURST. 
Those questions are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How do your vendors secure software code?<\/li>\n\n\n\n<li>What type of environment do you build your software in?<\/li>\n\n\n\n<li>Have they established secure software development framework roles and responsibilities?<\/li>\n\n\n\n<li>Are they using automation and DevSecOps to automate developer and security toolchains?<\/li>\n\n\n\n<li>What policies and measures do they have in place to prevent malicious or vulnerable software from affecting their customer base?<\/li>\n\n\n\n<li>How are they monitoring risk in their own supply chain?<\/li>\n\n\n\n<li>If a breach occurs, what\u2019s their process for notifying customers?<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Defending Together<\/h2>\n\n\n\n<p>Security is an ongoing journey with no finish line, but federal agencies and their vendor ecosystem can become smarter and more cyber resilient if they are transparent, collaborate, and learn from previous attacks.<\/p>\n\n\n\n<p><em><strong><a href=\"https:\/\/www.solarwinds.com\/resources\/whitepaper\/setting-the-new-standard-in-secure-software-development-the-solarwinds-next-generation-build-system\/delivery\" target=\"_blank\" rel=\"noreferrer noopener\" data-track=\"SolarWinds - Securing Supply Chain Blog - 2023 - Bottom CTA\">Download our Whitepaper&nbsp;<\/a>to learn more about how this model can be used to secure the software supply chain, or to learn more about SolarWinds Secure by Design initiative, SolarWinds&#8217; recently launched Next-Generation Build System, a model for secure enterprise software development.<\/strong><\/em><\/p>\n<head><meta name=\"url\" property=\"og:url\" content=\"https:\/\/www.carahsoft.com\/community\/solarwinds-securing-the-supply-chain-blog-2023\"><\/head>","protected":false},"excerpt":{"rendered":"<p>Software supply chain hacks are now the most prevalent form of cyberattack. 
According to the latest&nbsp;Verizon Data Breach Investigations Report,&nbsp;62% of system intrusion incidents came through a third-party, highlighting the difficulties that many organizations \u2013 including federal agencies \u2013 face &hellip; <a href=\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":9946,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2,1493,1555],"tags":[545,599,1498],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How CISOs Can Come to Grips With a New Priority \u2013 Securing the Supply Chain<\/title>\n<meta name=\"description\" content=\"Security is an ongoing journey with no finish line, but federal agencies and their vendor ecosystem can become smarter and more cyber resilient if they are transparent, collaborate, and learn from previous attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How CISOs Can Come to Grips With a New Priority \u2013 Securing the Supply Chain\" \/>\n<meta property=\"og:description\" content=\"Security is an ongoing journey with no finish line, but federal agencies and their vendor ecosystem can become smarter and more cyber resilient if they are transparent, collaborate, and learn from previous attacks.\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/\" \/>\n<meta property=\"og:site_name\" content=\"| Carahsoft\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-27T17:32:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-09T19:13:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2023\/02\/SolarWinds-Securing-the-Supply-Chain-Community-Blog_875X635.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1215\" \/>\n\t<meta property=\"og:image:height\" content=\"882\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"The Carahsoft Team\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"The Carahsoft Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/\"},\"author\":{\"name\":\"The Carahsoft Team\",\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/#\/schema\/person\/dffa406b5cc1df3bbb30b12e96aa2083\"},\"headline\":\"How CISOs Can Come to Grips With a New Priority \u2013 Securing the Supply 
Chain\",\"datePublished\":\"2023-02-27T17:32:00+00:00\",\"dateModified\":\"2024-12-09T19:13:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/\"},\"wordCount\":704,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2023\/02\/SolarWinds-Securing-the-Supply-Chain-Community-Blog_875X635.jpg\",\"keywords\":[\"Cybersecurity\",\"SolarWinds\",\"Supply Chain Management\"],\"articleSection\":[\"Cybersecurity\",\"Partners\",\"Supply Chain Management\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/\",\"url\":\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/\",\"name\":\"How CISOs Can Come to Grips With a New Priority \u2013 Securing the Supply Chain\",\"isPartOf\":{\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2023\/02\/SolarWinds-Securing-the-Supply-Chain-Community-Blog_875X635.jpg\",\"datePublished\":\"2023-02-27T17:32:00+00:00\",\"dateModified\":\"2024-12-09T19:13:40+00:00\",\"description\":\"Security is an ongoing journey with no finish line, but federal agencies 
and their vendor ecosystem can become smarter and more cyber resilient if they are transparent, collaborate, and learn from previous attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#primaryimage\",\"url\":\"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2023\/02\/SolarWinds-Securing-the-Supply-Chain-Community-Blog_875X635.jpg\",\"contentUrl\":\"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2023\/02\/SolarWinds-Securing-the-Supply-Chain-Community-Blog_875X635.jpg\",\"width\":1215,\"height\":882,\"caption\":\"SolarWinds Securing the Supply Chain Blog Preview Image 2023\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.carahsoft.com\/wordpress\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How CISOs Can Come to Grips With a New Priority \u2013 Securing the Supply Chain\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/#website\",\"url\":\"https:\/\/www.carahsoft.com\/wordpress\/\",\"name\":\"| 
Carahsoft\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.carahsoft.com\/wordpress\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/#organization\",\"name\":\"Carahsoft\",\"url\":\"https:\/\/www.carahsoft.com\/wordpress\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2022\/02\/Carahsoft-Blue-Logo-Print.png\",\"contentUrl\":\"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2022\/02\/Carahsoft-Blue-Logo-Print.png\",\"width\":3184,\"height\":846,\"caption\":\"Carahsoft\"},\"image\":{\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/#\/schema\/person\/dffa406b5cc1df3bbb30b12e96aa2083\",\"name\":\"The Carahsoft Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.carahsoft.com\/wordpress\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/236e97a68144b362e2ffda77d1518ca7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/236e97a68144b362e2ffda77d1518ca7?s=96&d=mm&r=g\",\"caption\":\"The Carahsoft Team\"},\"description\":\"The Digital Media team at Carahsoft.\",\"sameAs\":[\"https:\/\/www.carahsoft.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"How CISOs Can Come to Grips With a New Priority \u2013 Securing the Supply Chain","description":"Security is an ongoing journey with no finish line, but federal agencies and their vendor ecosystem can become smarter and more cyber resilient if they are transparent, collaborate, and learn from previous attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/","og_locale":"en_US","og_type":"article","og_title":"How CISOs Can Come to Grips With a New Priority \u2013 Securing the Supply Chain","og_description":"Security is an ongoing journey with no finish line, but federal agencies and their vendor ecosystem can become smarter and more cyber resilient if they are transparent, collaborate, and learn from previous attacks.","og_url":"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/","og_site_name":"| Carahsoft","article_published_time":"2023-02-27T17:32:00+00:00","article_modified_time":"2024-12-09T19:13:40+00:00","og_image":[{"width":1215,"height":882,"url":"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2023\/02\/SolarWinds-Securing-the-Supply-Chain-Community-Blog_875X635.jpg","type":"image\/jpeg"}],"author":"The Carahsoft Team","twitter_misc":{"Written by":"The Carahsoft Team","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#article","isPartOf":{"@id":"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/"},"author":{"name":"The Carahsoft Team","@id":"https:\/\/www.carahsoft.com\/wordpress\/#\/schema\/person\/dffa406b5cc1df3bbb30b12e96aa2083"},"headline":"How CISOs Can Come to Grips With a New Priority \u2013 Securing the Supply Chain","datePublished":"2023-02-27T17:32:00+00:00","dateModified":"2024-12-09T19:13:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/"},"wordCount":704,"commentCount":0,"publisher":{"@id":"https:\/\/www.carahsoft.com\/wordpress\/#organization"},"image":{"@id":"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2023\/02\/SolarWinds-Securing-the-Supply-Chain-Community-Blog_875X635.jpg","keywords":["Cybersecurity","SolarWinds","Supply Chain Management"],"articleSection":["Cybersecurity","Partners","Supply Chain Management"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/","url":"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/","name":"How CISOs Can Come to Grips With a New Priority \u2013 Securing the Supply 
Chain","isPartOf":{"@id":"https:\/\/www.carahsoft.com\/wordpress\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#primaryimage"},"image":{"@id":"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2023\/02\/SolarWinds-Securing-the-Supply-Chain-Community-Blog_875X635.jpg","datePublished":"2023-02-27T17:32:00+00:00","dateModified":"2024-12-09T19:13:40+00:00","description":"Security is an ongoing journey with no finish line, but federal agencies and their vendor ecosystem can become smarter and more cyber resilient if they are transparent, collaborate, and learn from previous attacks.","breadcrumb":{"@id":"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#primaryimage","url":"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2023\/02\/SolarWinds-Securing-the-Supply-Chain-Community-Blog_875X635.jpg","contentUrl":"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2023\/02\/SolarWinds-Securing-the-Supply-Chain-Community-Blog_875X635.jpg","width":1215,"height":882,"caption":"SolarWinds Securing the Supply Chain Blog Preview Image 2023"},{"@type":"BreadcrumbList","@id":"https:\/\/www.carahsoft.com\/wordpress\/solarwinds-securing-the-supply-chain-blog-2023\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.carahsoft.com\/wordpress\/"},{"@type":"ListItem","position":2,"name":"How CISOs Can Come to Grips With a New Priority \u2013 Securing the 
Supply Chain"}]},{"@type":"WebSite","@id":"https:\/\/www.carahsoft.com\/wordpress\/#website","url":"https:\/\/www.carahsoft.com\/wordpress\/","name":"| Carahsoft","description":"","publisher":{"@id":"https:\/\/www.carahsoft.com\/wordpress\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.carahsoft.com\/wordpress\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.carahsoft.com\/wordpress\/#organization","name":"Carahsoft","url":"https:\/\/www.carahsoft.com\/wordpress\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.carahsoft.com\/wordpress\/#\/schema\/logo\/image\/","url":"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2022\/02\/Carahsoft-Blue-Logo-Print.png","contentUrl":"https:\/\/www.carahsoft.com\/wordpress\/wp-content\/uploads\/2022\/02\/Carahsoft-Blue-Logo-Print.png","width":3184,"height":846,"caption":"Carahsoft"},"image":{"@id":"https:\/\/www.carahsoft.com\/wordpress\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.carahsoft.com\/wordpress\/#\/schema\/person\/dffa406b5cc1df3bbb30b12e96aa2083","name":"The Carahsoft Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.carahsoft.com\/wordpress\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/236e97a68144b362e2ffda77d1518ca7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/236e97a68144b362e2ffda77d1518ca7?s=96&d=mm&r=g","caption":"The Carahsoft Team"},"description":"The Digital Media team at 
Carahsoft.","sameAs":["https:\/\/www.carahsoft.com"]}]}},"_links":{"self":[{"href":"https:\/\/www.carahsoft.com\/wordpress\/wp-json\/wp\/v2\/posts\/9202"}],"collection":[{"href":"https:\/\/www.carahsoft.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.carahsoft.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.carahsoft.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.carahsoft.com\/wordpress\/wp-json\/wp\/v2\/comments?post=9202"}],"version-history":[{"count":4,"href":"https:\/\/www.carahsoft.com\/wordpress\/wp-json\/wp\/v2\/posts\/9202\/revisions"}],"predecessor-version":[{"id":9382,"href":"https:\/\/www.carahsoft.com\/wordpress\/wp-json\/wp\/v2\/posts\/9202\/revisions\/9382"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.carahsoft.com\/wordpress\/wp-json\/wp\/v2\/media\/9946"}],"wp:attachment":[{"href":"https:\/\/www.carahsoft.com\/wordpress\/wp-json\/wp\/v2\/media?parent=9202"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.carahsoft.com\/wordpress\/wp-json\/wp\/v2\/categories?post=9202"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.carahsoft.com\/wordpress\/wp-json\/wp\/v2\/tags?post=9202"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}