BusinessCybersecurityNewswireTechnology

Make Software Supply Chain Security a Daily Habit

Originally published on: July 11, 2026
▼ Summary

– Anastasia Tikhonova advises teams to use an SBOM daily rather than treating it as a compliance document.
– The goal is to operationalize software supply chain risk for active threat management.

In every software-driven organization, software supply chain security must shift from a checkbox exercise to a daily operational practice. Anastasia Tikhonova, Global Threat Research Lead at Group-IB, emphasizes that the Software Bill of Materials (SBOM) should not be treated as a static compliance document. Instead, teams should actively use it on a routine basis to identify and address vulnerabilities.

Tikhonova stresses that the real risk often lies in the components and dependencies that developers pull in from third-party sources. When an SBOM is filed away and ignored, organizations miss the chance to detect emerging threats early. She advocates for integrating SBOM analysis into continuous integration and development workflows, making it a regular part of the development lifecycle rather than a one-time audit.

To operationalize this, teams need to treat software supply chain risk as an ongoing concern. This means scanning SBOMs against current vulnerability databases, monitoring for newly disclosed flaws, and updating dependencies promptly. By making this a daily habit, security teams can move from reactive patching to proactive risk management.

Ultimately, the goal is to embed security into the fabric of software development. Tikhonova’s message is clear: an SBOM’s true value emerges only when it is actively used to guide decisions every day, not just when a compliance report is due.

(Source: Help Net Security)

Topics

software supply chain 95% sbom usage 93% Risk Management 88% cybersecurity practices 85% vulnerability detection 82% compliance documents 78% operational security 76% threat research 74% global security trends 70% team collaboration 68%