Hardware Manufacturers

• Products like routers and switches are composed of many components from various suppliers
• Component tampering or untrustworthy vendors can introduce vulnerabilities
• Rigorous supply chain assessments needed to trace origins and component integrity
• Trusted foundry programs ensure secure manufacturing

Secondary/Aftermarket Sources

• Risk of acquiring counterfeit or tampered devices
• Devices may contain malware or vulnerabilities
• Budget-friendly but high-risk option

Software Developers/Providers

• Software developers and software providers are integral cogs in the supply chain
  • However, software can introduce vulnerabilities
• Check for proper licensing, authenticity, known vulnerabilities, and malware
• Open-source software allows source code review
• Proprietary software can be scanned for vulnerabilities

Service Providers/MSPs:

• Managed Service Providers
• Security challenges with Software-as-a-Service (SAAS) providers

Considerations:

• Evaluate data security measures
• Ensure confidentiality and integrity