Successful product security programs are comprehensive and extend to outsourced components and software. Integrity tests within the supply chain are essential for building and preserving trust. Dell Technologies has a formal Supply Chain Risk Management program that ensures the hardware and software components that are used in the company's products originate from properly vetted sources. Supply chain security is applying preventive and detective control measures that protect physical and digital assets, inventory, information, intellectual property, and people. Addressing information, personnel, and physical security helps provide supply chain security by reducing opportunities for the malicious introduction of malware and counterfeit components into the supply chain. Cybercriminals have also increased the targeting of supply chains with ransomware to extort organizations.
Proactive verification, validation, and security testing activities throughout the life cycle help ensure secure software and reduce the likelihood of malware or coding vulnerabilities being inserted into the software. A robust cybersecurity program improves software integrity by preventing unauthorized access to source code and minimizing the potential for malware to be introduced into a product before it is shipped to the customer. These measures are tightly aligned with Software Assurance Forum for Excellence in Code (SAFECode) guidelines and ISO 27034.