Software Supply Chain Failures: The Emerging Priority in Application Security by Karthikeyan Ramdass
As modern software ecosystems become increasingly interconnected, software supply chain security has emerged as one of the most critical challenges in application security today.
In this article, CyAN member Karthikeyan Ramdass examines why Software Supply Chain Failures, ranked as A03 in the OWASP Top 10:2025, represent a systemic risk that extends far beyond individual application vulnerabilities. Drawing on real-world incidents such as SolarWinds and Log4Shell, the piece explores how compromised dependencies, unmaintained components, and insecure build pipelines can trigger large-scale cascading breaches.
By mapping supply chain risks to key Common Weakness Enumeration (CWE) categories and outlining practical mitigation strategies, including SBOM visibility, dependency monitoring, and CI/CD pipeline hardening, this article provides actionable insight for security practitioners, developers, and policy stakeholders navigating today’s software risk landscape.
About the Author
Karthikeyan Ramdass
Cybersecurity Lead Member of Technical Staff
Karthikeyan is an accomplished cybersecurity leader with over 18 years of experience protecting global enterprises across the technology, aviation, financial, and insurance sectors. He currently serves as a Lead Member of Technical Staff at Salesforce, where he leads initiatives in Application Security Posture Management, DevSecOps, and AI security, ensuring the resilience of one of the world’s largest cloud ecosystems.