This message was posted by a user wishing to remain anonymous
Good day Community!
I am in need of some suggestions or recommendations. We are currently looking to enhance our Information security due diligence for suppliers providing us with software. This is software used in our Operational Technology area (usually products that comes with a software aspect). Typically we dont have a supplier relationship after these purchases.
Tools such as Security Scorecard provides information on the organisations credebility which is one aspect, however, for sensitive operations where we need to ensure the software itself is free of any vulnerabilities - we would like to perform testing in that regard (e.g. sandbox testing). We dont have resources from the App Testing team to run each and every piece of software we purchase. What tools are you using to achieve that assurance that a piece of software is credible before being installed in your environment?
I would value your insights please.
Kind regards