Developer and entrepreneur Bert Hubert has written about how software supply chain safety is similar to food supply safety [berthub.eu]. Both are about recognizing hazards and finding critical control points to monitor. Strict rules about handling must also be followed, in both fields.
You can’t just buy the required stuff and declare the food is now safe. It requires constant vigilance.
The analogies to cybersecurity are overwhelming. Food safety is the proper analogy for cybersecurity.
- The enemy is invisible (germs)
- You can get infected via your supply chain, which is also your responsibility
- A single employee not paying attention can sink you
- Out of sight, bugs can fester for years before causing harm
- Without the right infrastructure, you are doomed
- But even if you buy the right stuff, there are no silver bullet solutions - only paths to improvement
So I looked into this a bit more, as related fields can often provide very good inspiration. And I was blown away by what I found.
Food safety has been around for a while now and they are light years ahead of us. A mainstay of providing safe food is HACCP.
The key in both areas is recognition that safety is an ongoing process and not a product or appliance which can be tacked on aftermarket.
(2020) Supply-Chain Attack Hits RubyGems Repository with 725 Malicious Packages [soylentnews.org]
(2020) A Better Kind of Cybersecurity Strategy [soylentnews.org]