5 commercial software attacks — and what you can learn from them

Enterprise organizations in recent years have come to recognize that attacks targeting software supply chains are a major threat. But the focus has been on attacks involving open-source software, since commercial software is a black box for many enterprises. Cybersecurity incidents such as the one that SolarWinds disclosed in December 2020 have become increasingly common — as have vulnerability exploits used against trusted vendors and attacks on organizations handling enterprise data. Here are five major commercial supply chain security incidents from the past year — and the lessons they offer for security stakeholders.