If 2020 was the year that we became acutely aware of the consumer goods supply chain (toilet paper, anyone? Anyone?), then 2021 was the year that the software supply chain rose in our collective consciousness. In perhaps the most infamous attack of the year, thousands of customers, including several US government agencies, downloaded compromised SolarWinds updates.
Alas, SolarWinds was not alone. Indeed, the weaknesses in our software supply chain were all too evident with the recent Log4j vulnerability. Log4j is a widely used open source Java logging framework, so the vulnerability has put tens of thousands of applications (ranging from data storage services to online video games) at risk.