D1 · General

What is supply chain risk management?

Supply chain risk covers threats from vendors, contractors, software components, and hardware — any trusted third party that could be compromised to attack you.
SolarWinds and Log4Shell demonstrated the scale of supply chain risk. Controls include vendor security assessments, a software bill of materials (SBOM), code signing verification, minimum necessary access for vendors, and monitoring of vendor connections.