KPMG in India and Lineaje Inc today announced an alliance that will provide organisations and clients with offerings that enable complete visibility and control over their software supply chain. Together, KPMG in India and Lineaje, a company with expertise in software supply chain security management, will support organisations in transforming and renewing their third-party risk management programmes, and help them keep pace with today’s need for a well-connected, yet secure, software supply chain.
Software supply chain attacks often involve adversaries exploiting vulnerabilities in third-party software products (or components) to target customer organisations. Additionally, evidence has shown that bad actors are leveraging multiple touch points within the large, complex and interconnected system of technology, people and processes that make up the software supply chain, and then using them to infiltrate it and inject malicious code.
Within this landscape, organisations are now recognising the increasing need for Software Supply Chain Security (SSCS), which offers greater visibility and control over the software supply chain. KPMG in India’s capabilities (Advisory + Assessment + SSCS SME support), when combined with Lineaje’s Third-Party Risk Management (TPRM) solution, will create an innovative Software Bill of Materials (SBOM) exchange platform that can be designed to streamline how organisations share SBOMs, while adding a layer of transparency into third-party offerings and their risk levels.
Commenting on the alliance, Akhilesh Tuteja, Global Cyber Security Leader, KPMG International, said: “Software supply chain security has become a key priority and focus area for organisations, boardrooms, and senior management to meet regulatory requirements and minimize risks. Today, having clear insight and visibility over the end-to-end software supply chain, along with a comprehensive approach, is imperative to address SSCS risks. However, many organisations face challenges in developing processes and approaches to protect their SSCS pipeline. These challenges not only arise from development practices, but also from partners or other external factors involved during the entire supply chain, starting from developing a software product right through distribution till decommissioning. With Lineaje, we hope to help and guide clients on their start to a safe and secure SSCS journey throughout the software supply chain lifecycle.”
“Establishing visibility across the software supply chain has become vital in a hyper-connected world and also enables establishing effective measures to address risks associated with software products and components and their supply chain,” said Atul Gupta, Partner and Leader – Cyber Security and Digital Trust, KPMG in India. “Lineaje provides us with a solution that complements our capabilities by providing a vital advanced technology platform to proactively identify and mitigate security risks associated with the software supply chain lifecycle. We collectively aim to provide a comprehensive solution to address software supply chain risks,” added Gupta.
“Developers and security teams do not have X-Ray vision to see inside the components and dependencies of software they buy. This lack of real-time visibility has made spotting software supply chain attacks in advance nearly impossible. As a result, these incidents continue to dominate the cybersecurity landscape,” said Javed Hasan, CEO and co-founder, Lineaje. “The Lineaje TPRM facilitates the secure request and collection of SBOMs from third-party vendors, ensuring a robust and confidential process for obtaining crucial software component information. Together with KPMG in India’s capabilities, the joint solution can address the dangers in third-party software quickly to effectively secure software supply chains and put organizations in a better position for a safer digital future.”
The joint offering by KPMG in India and Lineaje will also help software product manufacturers meet regulatory requirements such as EO-14028, the DHS Software Supply Chain Risk Management Act 2021, FDA, NCSC Supply Chain Security Guidance, ENISA, DORA, CRA, SEBI, the ACSC Cyber Supply Chain Risk Management Guidelines, MAS, etc., thereby helping them build a secure software supply chain security programme.