{"id":7257,"date":"2025-02-10T08:03:04","date_gmt":"2025-02-10T14:03:04","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=83443"},"modified":"2025-02-10T08:03:04","modified_gmt":"2025-02-10T14:03:04","slug":"projecting-the-next-decade-of-software-supply-chain-security","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/02\/10\/projecting-the-next-decade-of-software-supply-chain-security\/","title":{"rendered":"Projecting the next decade of software supply chain security"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Projecting the next decade of software supply chain security | CyberScoop<\/title> <meta name=\"description\" content=\"With the rapid pace of innovation accelerating under a new administration, discussions over whether software security will be sidelined in favor of speed are heating up.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/projecting-the-next-decade-of-software-supply-chain-security\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Projecting the next decade of software supply chain security\"> <meta property=\"og:description\" content=\"With the rapid pace of innovation accelerating under a new administration, discussions over whether software security will be sidelined in favor of speed are heating up.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/projecting-the-next-decade-of-software-supply-chain-security\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2025-02-10T14:03:04+00:00\"> 
<meta property=\"article:modified_time\" content=\"2025-02-10T14:03:41+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/projecting-the-next-decade-of-software-supply-chain-security-2.jpg?resize=1024,725\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"725\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1732206022g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1736472017g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1738946988g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=811a4fffdf449a472805\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/83443\"><link rel=\"EditURI\" 
type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=83443\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fprojecting-the-next-decade-of-software-supply-chain-security%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fprojecting-the-next-decade-of-software-supply-chain-security%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-83443 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/projecting-the-next-decade-of-software-supply-chain-security\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span 
class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.266666666667\">\n<div class=\"single-article__header-content\" readability=\"32.560606060606\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/projecting-the-next-decade-of-software-supply-chain-security\/\"> <span>Uncategorized<\/span> <\/a> <\/li>\n<\/ul>\n<p> A 2035 vision includes a shift that combines security and innovation. 
<\/p>\n<p> <!-- Listen to this article section --> <!-- Audio Element --><br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/83443\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p> <!-- Countdown Timer --> <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p> <!-- Tooltip --> <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"453\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/projecting-the-next-decade-of-software-supply-chain-security.jpg?resize=640%2C453&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"PHP\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/projecting-the-next-decade-of-software-supply-chain-security-2.jpg 2831w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/projecting-the-next-decade-of-software-supply-chain-security-2.jpg?resize=300,212 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/projecting-the-next-decade-of-software-supply-chain-security-2.jpg?resize=768,544 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/projecting-the-next-decade-of-software-supply-chain-security-2.jpg?resize=1024,725 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/projecting-the-next-decade-of-software-supply-chain-security-2.jpg?resize=1536,1088 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/projecting-the-next-decade-of-software-supply-chain-security-2.jpg?resize=2048,1450 2048w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/projecting-the-next-decade-of-software-supply-chain-security-2.jpg?resize=600,425 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/projecting-the-next-decade-of-software-supply-chain-security-2.jpg?resize=237,168 237w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/projecting-the-next-decade-of-software-supply-chain-security-2.jpg?resize=476,337 476w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/projecting-the-next-decade-of-software-supply-chain-security-2.jpg?resize=953,675 953w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/projecting-the-next-decade-of-software-supply-chain-security-2.jpg?resize=1190,843 1190w\" sizes=\"(max-width: 953px) 100vw, 953px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"32.04296875\"><body readability=\"65\"><\/p>\n<p>With the rapid pace of innovation accelerating under a new administration, discussions over whether software security will be sidelined in favor of speed are heating up. However, security leaders have long been saying that security protocols shouldn\u2019t slow down development plans \u2014 and they don\u2019t when done correctly. This perception must be adopted more widely so that innovation and security can happen in tandem.&nbsp;<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-preventing-thieves-from-entering-your-home-in-the-first-place-nbsp\"><strong>Preventing thieves from entering your home in the first place&nbsp;<\/strong><\/h5>\n<p>Currently, the software industry stands at a crossroads. The past few years have seen devastating supply chain attacks \u2014 from the SolarWinds attack to the Log4Shell vulnerability \u2014 that have shaken our confidence in the fundamental security of our digital infrastructure. 
They took trusted tools and turned them into threats, and most of the industry was powerless.&nbsp;<\/p>\n<p>It\u2019s akin to a burglar breaking into your home and even though you can see them raiding your personal belongings on your security camera, you can\u2019t do anything about it until after the fact. What good are those cameras if they only record the theft, or scanners if they only catch threats already in your environment? What if you could prevent thieves from entering your home in the first place, and remove threats to your organization altogether?&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<h5 class=\"wp-block-heading\" id=\"h-shifting-what-it-means-to-be-secure-and-innovative-nbsp\"><strong>Shifting what it means to be secure <\/strong><strong><em>and <\/em><\/strong><strong>innovative&nbsp;<\/strong><\/h5>\n<p>Looking ahead to 2035, we envision a radically different landscape. Instead of development teams struggling with basic questions like \u201cwhat\u2019s actually in our software?\u201d and \u201ccan we trust these dependencies?\u201d, we see a future where development environments verifying the integrity of dependencies is as automatic as syntax highlighting is today. Where every container image is built directly from source and carries cryptographic proof of its build process and composition \u2014 and every vulnerability is patched. In this world, security is built in, and enables innovation.&nbsp;<\/p>\n<p>The building blocks of this transformation are already emerging. New standards for supply chain integrity are taking shape, pushed forward by executive orders and industry initiatives. Sigstore, for example, is demonstrating how we can make code signing ubiquitous and accessible.&nbsp;<\/p>\n<p>This isn\u2019t just about better tools \u2014 it\u2019s about fundamentally shifting how we think about security and productivity. 
The perception that security controls necessarily slow down development needs to be challenged. When thoughtfully designed and seamlessly integrated, security controls can actually accelerate development by eliminating entire categories of risks and the incidents they cause.&nbsp;<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-building-a-world-where-every-line-of-code-is-secure-by-default\"><strong>Building a world where every line of code is secure by default<\/strong><\/h5>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Getting to this future requires solving significant challenges and collaboration across the entire software ecosystem \u2014 from individual developers to the largest enterprises, from open-source maintainers to cloud providers. By making security an inherent part of our development tools and processes rather than an optional layer, we can build a world where every line of code is secure by default, and trust is established through verification rather than assumption.&nbsp;<\/p>\n<p>That\u2019s essential not just to businesses, but to our society. As software increasingly powers critical infrastructure, medical devices, and financial systems, the security of our supply chain becomes inseparable from our collective security.&nbsp;<\/p>\n<p>This isn\u2019t just an aspirational future \u2014 it\u2019s an imperative one. 
The organizations that will thrive in 2035 will be those that recognized this reality in 2025 and began adapting accordingly.<\/p>\n<p><em>Dan Lorenc is the co-founder and CEO of Chainguard.&nbsp;<\/em><\/p>\n<p> <\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"0.62758620689655\">\n<div class=\"author-card\" readability=\"7\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/projecting-the-next-decade-of-software-supply-chain-security-1.jpg?w=640&#038;ssl=1\" alt=\"Dan Lorenc\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Dan Lorenc<\/h4>\n<p> Dan Lorenc is the co-founder and CEO of Chainguard. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 
class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/projecting-the-next-decade-of-software-supply-chain-security\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Projecting the next decade of software supply chain security |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3687,1073,1276,3688,1],"tags":[3689,1076,1278,3690,325],"class_list":["post-7257","post","type-post","status-publish","format-standard","hentry","category-chainguard","category-open-source","category-secure-by-design","category-software-security","category-uncategorized","tag-chainguard","tag-open-source","tag-secure-by-design","tag-software-security","tag-uncategorized"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber 
Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/chainguard\/\" rel=\"category tag\">Chainguard<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/open-source\/\" rel=\"category tag\">open source<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/secure-by-design\/\" rel=\"category tag\">secure-by-design<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/software-security\/\" rel=\"category tag\">software security<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7257","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7257"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7257\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}