As security leaders progress in their establishment of software supply chain security programs, they face a good news-bad news situation with the tools available to them — literally: the technology is rapidly advancing for good and for bad.
The good news of the rapidly advancing software supply chain security technology is that the brisk pace of innovation provides increasing opportunities to gain greater visibility and transparency into the vast array of components and code that feed into software portfolios.
The bad news, however, is that experimentation and innovation are going in many different directions at the same time and the tools landscape is a confusing mash-up of new and evolving category acronyms and niche products.