Dependence on external systems introduces risk, but strategic safeguards can keep your project secure. To mitigate these risks:
- Establish robust service level agreements (SLAs) with clear expectations and consequences.
- Diversify your third-party portfolio to avoid reliance on a single provider.
- Regularly review and update contingency plans to address potential disruptions promptly.
How do you shield your projects from the uncertainties of third-party dependencies?
-
Utilize SBOMs to track all third-party components and their versions throughout the later stages of your SDLC, while also collecting SBOMs from your supply chain and suppliers who provide software-based products. Leverage SBOM management and continuous vulnerability monitoring platforms to ensure full software supply chain transparency. Implement VEX (Vulnerability Exploitability Exchange) to evaluate the impact of known vulnerabilities, end-of-life, and end-of-support events, enabling proactive risk management and swift mitigation.
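As an added illustration of the SBOM-plus-VEX workflow described above (example code added here, not the contributor's or any vendor's tool): a small Python script that joins a CycloneDX SBOM with a CycloneDX VEX document and separates findings that still need action from those a VEX analysis has closed. The SBOM, the VEX statements and the CVE ids are constructed placeholders; a stale VEX entry is surfaced rather than silently dropped.

```python
"""Join a CycloneDX SBOM with a CycloneDX VEX document and list the
components that still need action. All sample data below is constructed."""
import json
# Constructed sample SBOM: components identified by bom-ref (a purl here).
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"bom-ref": "pkg:pypi/examplelib@1.2.0", "name": "examplelib", "version": "1.2.0"},
        {"bom-ref": "pkg:pypi/otherlib@0.9.1", "name": "otherlib", "version": "0.9.1"},
    ],
})

# Constructed sample VEX (CycloneDX "vulnerabilities" array); CVE ids are placeholders.
VEX_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "vulnerabilities": [
        {"id": "CVE-0000-0001", "affects": [{"ref": "pkg:pypi/examplelib@1.2.0"}],
         "analysis": {"state": "not_affected", "justification": "code_not_reachable"}},
        {"id": "CVE-0000-0002", "affects": [{"ref": "pkg:pypi/otherlib@0.9.1"}],
         "analysis": {"state": "exploitable"}},
        {"id": "CVE-0000-0003", "affects": [{"ref": "pkg:pypi/otherlib@0.9.1"}]},  # no analysis yet
        {"id": "CVE-0000-0004", "affects": [{"ref": "pkg:pypi/removedlib@0.1.0"}],
         "analysis": {"state": "resolved"}},  # stale: component no longer in the SBOM
    ],
})

# VEX analysis states that close a finding; anything else, or no analysis, stays open.
CLOSED_STATES = {"not_affected", "resolved", "resolved_with_pedigree", "false_positive"}

def triage(sbom_json: str, vex_json: str) -> dict:
    """Return {"open": [...], "closed": [...], "unmatched": [...]} where open/closed
    entries are (vuln_id, name, version) and unmatched entries are (vuln_id, ref)."""
    sbom, vex = json.loads(sbom_json), json.loads(vex_json)
    refs = {c["bom-ref"]: (c["name"], c["version"]) for c in sbom.get("components", [])}
    out = {"open": [], "closed": [], "unmatched": []}
    for vuln in vex.get("vulnerabilities", []):
        state = vuln.get("analysis", {}).get("state", "in_triage")
        for affected in vuln.get("affects", []):
            comp = refs.get(affected["ref"])
            if comp is None:              # VEX refers to something we no longer ship
                out["unmatched"].append((vuln["id"], affected["ref"]))
            elif state in CLOSED_STATES:  # analysis says no action is needed
                out["closed"].append((vuln["id"],) + comp)
            else:                         # exploitable, in_triage, or unknown: act on it
                out["open"].append((vuln["id"],) + comp)
    return out

if __name__ == "__main__":
    for vid, name, ver in triage(SBOM_JSON, VEX_JSON)["open"]:
        print(f"ACTION {vid}: {name} {ver}")
```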
-
For third-party libraries ensure the following:
- library is being maintained and updated regularly
- no known CVE
- SAML or OAuth 2.0 libraries: ensure specifications are updated
- license agreements are being adhered to
Products should upgrade regularly, else an inordinate delay results in breaking changes and subtle issues. Always keep a lookout for license changes and evaluate alternatives for business continuity.
-
The devil is in the integration. Besides security and vendor lock-in risks, not paying attention to integration leads to fragile architecture. Many teams end up doing point-to-point integrations between system components. Such integrations leak vendor technology specifics into in-house systems, resulting in tighter coupling. Instead, integrate systems via domain-driven business capability platforms. These platforms address 3 key aspects:
1. Common representations of business constructs
2. Suitable interactions between different components based on performance and capacity needs
3. Appropriate technology to support the above
This platform also helps avoid vendor lock-in and enhance security.
-
Managing third-party risks is all about preparation and vigilance. Besides solid SLAs and avoiding over-reliance on a single provider, you need to stay proactive with your software supply chain security. This means collecting and regularly updating SBOMs (Software Bill of Materials) for all third-party components to keep track of what's in your stack. Invest in a good #SBOM analytics/management tool to have instant visibility (software transparency) and data enrichment for effective operations. When vulnerabilities pop up, having those SBOMs lets you identify and react quickly, minimizing the impact. Pair this with regular audits and strong contingency plans, and you can keep your projects safe, even with external dependencies in play.
-
To safeguard against external risks like vendor and competency lock-in, use open standards and APIs for flexibility, engage multiple vendors to avoid reliance on one, and invest in developing internal expertise. Ensure contracts include exit clauses and data ownership provisions to protect your interests and facilitate smooth transitions if needed.