IG Report Flags Widespread Gaps in DOE’s Software Supply Chain Security. An audit of the Department of Energy found failures in supply chain risk practices, with multiple contractor sites lacking basic policies, verification mechanisms and visibility into the actual software running on critical systems. Three locations lacked formal policies.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/doe-still-blind-to-its-own-software-supply-chain-risks-a-29307
