"Every enterprise is connected in some way to its partners in the supply chain and must allow access to communicate back and forth," said Bala Venkat, chief marketing officer at the applications security vendor Cenzic. "That exposes third-party applications. Unfortunately, we see a high level of confusion about what application security is. Too often, it gets confused with network layer or secure socket layer security. "
Partners in the supply chain may serve as a back door to a desired target. "Hackers often try to find the weakest link of the network they want to attack," Venkat said. "Connection-related attacks are becoming increasingly popular, so it's become very compelling to solve."
Today, the electronics supply chain faces a daunting number of potential security flaws, including form caching issues, JavaScript vulnerabilities, SQL injection attacks, and web server configuration vulnerabilities. Each makes critical information, from product designs to price lists, vulnerable to attack. The rise of mobile supply chain apps will only increase the potential application vulnerabilities of the supply chain.
The answer, then, is a proactive look at the security of supply chain software being used by the organization and its partners. "You simply can't tell a partner that you can't connect with their systems, but you can ask for independent verification that the applications in question are free from all the possible vulnerabilities that exist."
