Supply chain risk management (SCRM) is the process of identifying, assessing, and mitigating risks that could disrupt the flow of goods, services, information, or finances across a supply chain.
In cybersecurity, SCRM refers to managing the risks that arise from third-party vendors, software, hardware, and services, any of which could introduce vulnerabilities or threats into an organization's systems.
Supply chain risk management applies to the SDLC by ensuring that the third-party components, tools, libraries, and services used during development are vetted, monitored, and secured, so that no stage from design to deployment introduces vulnerabilities through them.
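One concrete form of the SDLC control described above is a policy check on declared dependencies before they are installed or built: every third-party package must be pinned to an exact version, carry an integrity hash, and come from an approved index. The script below is an added example, not code from the original page; the requirements text, the package names, the hash values and the approved-index allow-list are all constructed placeholders for illustration.

```python
"""Policy check for third-party Python dependencies in a requirements file.

Enforces three vetting rules on each declared dependency:
  1. the version is pinned exactly (==), so a new upstream release cannot
     silently change what gets built;
  2. a sha256 hash is present, so pip can verify the downloaded artifact;
  3. packages come only from an approved index, and direct URL/VCS
     references (which bypass index-level vetting) are flagged.
"""
import re
from dataclasses import dataclass

# Assumption: the organization's allow-list of package indexes.
APPROVED_INDEXES = {"https://pypi.org/simple"}

# Placeholder hash (constructed, not a real artifact hash).
PLACEHOLDER_HASH = "0" * 63 + "1"

# Constructed sample input; it is not any real project's lockfile.
SAMPLE_REQUIREMENTS = f"""\
--index-url https://pypi.org/simple
requests==2.31.0 --hash=sha256:{PLACEHOLDER_HASH}
urllib3>=1.26
--extra-index-url https://mirror.example.internal/simple
pyyaml==6.0.1
git+https://github.com/example/some-lib.git@main#egg=some_lib
"""

PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;]+)")
HASH_RE = re.compile(r"--hash=sha256:[0-9a-f]{64}")


@dataclass
class Finding:
    line_no: int
    requirement: str
    reason: str


def check_requirements(text: str) -> list[Finding]:
    """Return one Finding per line that violates the vetting policy."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Index directives: only allow-listed indexes may serve packages.
        if line.startswith(("--index-url", "--extra-index-url")):
            parts = line.split(maxsplit=1)
            url = parts[1].rstrip("/") if len(parts) > 1 else ""
            if url not in APPROVED_INDEXES:
                findings.append(Finding(line_no, line, "package index not on approved list"))
            continue
        # Direct URL / VCS references skip the index entirely.
        if line.startswith("git+") or "://" in line:
            findings.append(Finding(line_no, line, "direct URL/VCS dependency bypasses index vetting"))
            continue
        # Exact pin required.
        if not PIN_RE.match(line):
            findings.append(Finding(line_no, line, "version not pinned with =="))
            continue
        # Integrity hash required so the installer can verify the artifact.
        if not HASH_RE.search(line):
            findings.append(Finding(line_no, line, "no sha256 hash; integrity cannot be verified at install"))
    return findings


def is_compliant(text: str) -> bool:
    """True when the requirements file passes every rule."""
    return not check_requirements(text)


if __name__ == "__main__":
    for f in check_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {f.line_no}: {f.reason}: {f.requirement}")
    print("compliant:", is_compliant(SAMPLE_REQUIREMENTS))
```

Run as a pre-merge or pre-build gate, a non-empty findings list fails the pipeline; on the constructed sample it reports the unpinned `urllib3`, the unapproved mirror, the hash-less `pyyaml`, and the VCS reference, while the fully pinned and hashed `requests` line passes.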