Iron Hands and Supply Chain Purchasing Power

Supply chain management may conjure thoughts of enterprises driving business relationships with an iron hand - think of Walmart's legendary purchasing power driving innovation into its suppliers. But some supply chain transformations occur through collaboration between the supplier and the enterprise, with the supplier working alongside the enterprise to meet the enterprise's goal.

In green supply chain transformations, there are examples of this both in the formulation of environmental guidelines and in the development of practical solutions to environmental challenges. The same can be seen in secure supply chain efforts. Some of the innovations in Veracode's VAST program, such as vendor on-boarding and scoping calls, came from supplier suggestions. Better still, the framework of VAST itself, in which suppliers are required to reach compliance with a policy but are given latitude in how they test for and correct issues to meet that policy, encourages collaboration between supplier and enterprise.

Veracode's own VAST offering is a good example of collaboration between enterprises and vendors. Enterprises wanted the ability to understand the security of their purchased software, since they understood that vulnerable third-party applications put their data at risk. Software vendors had two concerns: they didn't want enterprises to hold sensitive assessment data that could put their IP at risk, and they didn't want to perform a bespoke assessment for each enterprise customer. The model that satisfied both sets of requirements is Veracode VAST.

By choosing to work with Veracode for a security attestation, software suppliers can provide the needed proof of security to their customers and prospects while still protecting their data and intellectual property. As you work to secure your supply chain, be mindful of the partnership between you and the software supplier. By presenting software security as a common goal, you will gain better acceptance and adoption.

The Seven Habits of Highly Effective Third-Party Software Security Programs

  1. Choose the right suppliers
  2. Put your efforts where they do the most good
  3. Use suppliers as force multipliers
  4. Collaborate to innovate
  5. The elephant in the room is compliance
  6. Drive compliance via “WIIFM”
  7. Align benefits for enterprise and supplier - or pay

About Tim Jarrett

Tim Jarrett is Senior Director of Product Marketing at Veracode. A Grammy Award-winning product professional, he joined Veracode in 2008 and has a Bacon number of 3. He can be found on Twitter as @tojarrett.
