How to Manage Risk When Purchasing Software and SaaS

Commercial off-the-shelf (COTS) and Software as a Service (SaaS) products are typically trusted as secure by their customers, but supply chain risk and vulnerabilities have drawn more attention in recent years: growing dependence on external third-party suppliers exposes users and the enterprise to potentially exploitable software and to increased liability.

Enterprise customers are becoming proactive and performing due diligence by asking their suppliers which software quality standards they support. A supplier may produce certifications or audit reports to demonstrate its software quality practices, secure coding and architecture, and supply chain risk management. Having this information available benefits the software provider through easier contracting and competitive advantage, and asking suppliers about their support for standards benefits the customer, since the responsibility for secure, resilient and reliable software ultimately rests in the customer's hands.