Associations often work closely with industry partners and technology vendors, and while they may be paying for the vendor’s services, they may also be indirectly paying for the tools and services that the vendor relies on.
Given the current security landscape, should your association be aware of how your tech supply chain works? Now is a good time to ask.
Associations looking to sign on the dotted line should ask the vendor for a dash of transparency—something called a software bill of materials (SBOM). The idea is similar to a nutrition label on a box of cereal: Those who want to know where their software is coming from—whether an open-source project, a proprietary tool, or a cloud-based vendor—can see it easily without having to dig deep.
Please select this link to read the complete article from Associations Now.