Uncovering Hidden Risks in Enterprise Software Supply Chain Security
At SECon Shanghai 2023, Synopsys highlighted the expanding attack surface of modern software supply chains, citing the lingering Log4j vulnerability, Gartner's 2025 forecast, and new regulations, while outlining legal, tooling, and consulting measures to mitigate hidden security risks.
The 2023 SECon Global Software Engineering Innovation Summit opened in Shanghai with the theme “Intelligent Era, Evolving Together,” featuring a main forum and fifteen sub‑forums covering cloud‑native architecture, big data, AI, and large‑model technologies, and showcasing over 60 innovative engineering cases.
Synopsys participated as a gold partner, and its senior software security architect and open‑source governance expert Wang Yonglei delivered a keynote titled “Enterprise‑Level Software Supply Chain Security: Hidden Corners” and was interviewed by Shanghai TV’s Dongfang Finance channel.
Wang emphasized that modern software supply chains are long and expose many attack surfaces across design, development, deployment, operation, and upgrade stages. He cited the notorious Log4j vulnerability as an example and noted that Synopsys’s OSSRA 2023 report still finds 11% of audited Java codebases vulnerable to it. Gartner predicts that more than 45% of organizations will experience a software‑supply‑chain attack by 2025.
The speaker explained that today’s software is assembled from proprietary code, third‑party components, and open‑source libraries, creating a complex, multi‑party ecosystem that makes security governance challenging.
To address these challenges, Wang outlined two main response categories. First, legal and standards frameworks: the United States’ 2022 Open‑Source Software Act, the EU’s Cyber Resilience Act, ISO 5230, and China’s ICT supply‑chain security standard GB/T 36637‑2018 all set requirements and baselines for supply‑chain security. Second, robust tools and services: Synopsys offers a comprehensive open‑source supply‑chain governance solution, including the industry‑leading BlackDuck tool and consulting services to help customers improve their security posture.
In his presentation, Wang structured the discussion into three dimensions: current focus points of enterprise software‑supply‑chain security, the hidden corners that remain under‑addressed, and strategic thinking about supply‑chain security. The goal was to raise risk awareness and security consciousness among developers, managers, and executives.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.