KPMG in India and Lineaje Inc. announced an alliance that will provide organizations and clients with offerings that enable complete visibility and control over their software supply chain. Together, KPMG in India and Lineaje, a company with expertise in software supply chain security management, will support organizations in transforming and renewing their third-party risk management programs and help keep pace with today’s need for a well-connected yet secure software supply chain.
Software supply chain attacks often involve adversaries exploiting vulnerabilities in third-party software products (or components) to target customer organizations. Additionally, evidence has shown that bad actors leverage multiple touch points within the large, complex, and interconnected system of technology, people, and processes that make up the software supply chain – to infiltrate them and inject malicious code.
Within this landscape, organizations now recognize the increasing need for Software Supply Chain Security (SSCS), which offers greater visibility and control over the software supply chain. KPMG in India’s capabilities (Advisory + Assessment + SSCS SMEs support), when combined with Lineaje’s Third-Party Risk Management (TPRM) solution, will create an innovative Software Bill of Materials (SBOM) exchange platform, which can be designed to streamline how organizations share SBOMs – while adding a layer of transparency into third-party offerings and their risk levels.
Commenting on the alliance, Akhilesh Tuteja, Global Cyber Security Leader, KPMG International, said, “Software supply chain security has become a key priority and focus area for organizations, boardrooms, and senior management to meet regulatory requirements and minimize risks. Today, having clear insight and visibility over the end-to-end software supply chain and a comprehensive approach is imperative to address SSCS risks. However, many organizations face challenges in developing processes and approaches to protect their SSCS pipeline. These challenges not only arise from development practices but also from partners or other external factors involved during the entire supply chain – starting from developing a software product right through distribution until decommissioning. With Lineaje, we hope to help and guide clients on their start to a safe and secure SSCS journey throughout the software supply chain lifecycle.”
“Establishing visibility across the software supply chain has become vital in a hyper-connected world and enables establishing effective measures to address risks associated with software products and components and their supply chain,” said Atul Gupta, Partner and Leader – Cyber Security and Digital Trust, KPMG in India. “Lineaje provides us with a solution that complements our capabilities by providing a vital advanced technology platform to proactively identify and mitigate security risks associated with the software supply chain lifecycle. We collectively aim to provide a comprehensive solution to address software supply chain risks,” added Gupta.
“Developers and security teams do not have X-ray vision to see inside the components and dependencies of software they buy. This lack of real-time visibility has made spotting software supply chain attacks in advance nearly impossible. As a result, these incidents continue to dominate the cybersecurity landscape,” said Javed Hasan, CEO and co-founder, Lineaje. “The Lineaje TPRM facilitates the secure request and collection of SBOMs from third-party vendors, ensuring a robust and confidential process for obtaining crucial software component information. Together with KPMG in India’s capabilities, the joint solution can address the dangers in third-party software quickly to effectively secure software supply chains and put organizations in a better position for a safer digital future.”
The joint offering by KPMG in India and Lineaje will also help software product manufacturers meet regulatory requirements such as EO-14028, the DHS Software Supply Chain Risk Management Act 2021, FDA, NCSC – Supply Chain Security Guidance, ENISA, DORA, CRA, SEBI, ACSC Cyber Supply Chain Risk Management Guidelines, MAS, etc., thereby helping them build a secure software supply chain security program.