Editor’s Note: The following is an article written for and published in DZone’s 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle.
High-profile software supply chain attacks such as SolarWinds, Log4j, and MOVEit highlight the urgent need to address the vulnerabilities introduced by insecure software supply chains, and they have prompted a decisive regulatory response. In the United States, regulators such as the Federal Trade Commission (FTC), statutes such as the Computer Fraud and Abuse Act, and emerging state laws are already being invoked to penalize companies that ship or distribute vulnerable or malicious code. Meanwhile, Europe's Cyber Resilience Act and the new Product Liability Directive impose stricter cybersecurity obligations, heavy fines, and even personal accountability for software-related harm.