Is Third-Party Software Leaving You Vulnerable to Cyberattacks?
Harvard Business Review
Keman Huang, Keri Pearlson, and Stuart Madnick
When companies buy software, they tend to assume it’s secure — but they shouldn’t. Vulnerabilities in the digital supply chain are the responsibility of both developers, vendors, and customers, but right now cybersecurity isn’t a priority for either party. There are two key miscalculations that are bound up in this: First, that cybersecurity does not directly contribute to revenue and second, that cybersecurity is a feature that can easily be added on later in the project as necessary. Leaders can address this by making security a selling (or buying) point, using security to motivate developers, teaching their developers about security risks, and helping...