COOs should be asking their CISOs is: How can I make my product and processes the most secure and acceptable risk parameters for the company and our customers? In the guidance issued by the Cybersecurity and Infrastructure Security Agency (CISA) in April 2021 on securing one’s supply chain, a portion of the guidance was dedicated to the threat vector posed to entities. Some CISOs lack the recognition that the latter is the support element to the former. CISOs and their teams provide support to close gaps and minimize the identified risks.”]
Source: https://www.csoonline.com/article/3626385/cisos-do-you-know-whats-in-your-companys-products.html