"Every enterprise is connected in some way to its partners in the supply chain and must allow access to communicate back and forth," said Bala Venkat, chief marketing officer at the applications security vendor Cenzic. "That exposes third-party applications. Unfortunately, we see a high level of confusion about what application security is. Too often, it gets confused with network layer or secure socket layer security."
Partners in the supply chain may serve as a back door to a desired target. "Hackers often try to find the weakest link of the network they want to attack," Venkat said. "Connection-related attacks are becoming increasingly popular, so it's become very compelling to solve."
The answer, then, is a proactive look at the security of supply chain software being used by the organization and its partners. "You simply can't tell a partner that you can't connect with their systems, but you can ask for independent verification that the applications in question are free from all the possible vulnerabilities that exist."