KPMG in India and Lineaje Announce an Alliance to Help Organisations Safeguard Against Software Supply Chain Attacks with Advanced Third-Party Risk Management Offerings

KPMG in India and Lineaje Inc, today announced an alliance that will provide organisations and clients with offerings, that enable complete visibility and control over their software supply chain. Together both KPMG in India, and Lineaje a company with expertise in software supply chain security management, will support organisations transform and renew their third -party risk management programmes, and help keep pace with today’s need for a well-connected, yet secure software supply chain.

Software supply chain attacks often involve adversaries exploiting vulnerabilities in third-party software products (or components) to target customer organisations. Additionally, evidence has shown that bad actors are leveraging multiple touch points within the large, complex, and interconnected system of technology, people and processes that make up the software supply chain – to then infiltrate and inject malicious code.

Within this landscape, organisations are now recognizing the increasing need for Software Supply Chain Security (SSCS) which offers greater visibility and control over the software supply chain. KPMG in India’s capabilities (Advisory + Assessment + SSCS SMEs support) when combined with Lineaje’s Third-Party Risk Management (TPRM) solution will create an innovative Software Bill of Materials (SBOM) exchange platform, which can be designed, to streamline how organisations share SBOMs – while adding a layer of transparency into third party offerings and their risk levels.

Commenting on the alliance, Akhilesh Tuteja, Global Cyber Security Leader, KPMG International said “Software supply chain security has become a key priority and focus area for organisations, boardrooms, and senior management to meet regulatory requirements and minimize risks. Today, having clear insight and visibility over the end-to-end software supply chain, along with a comprehensive approach, is imperative to address SSCS risks. However, many organisations face challenges in developing processes and approaches to protect their SSCS pipeline. These challenges not only arise from development practices, but also from partners or other external factors, involved during the entire supply chain -starting from developing a software product right through distribution till decommissioning. With Lineaje, we hope to help and guide clients on their start to a safe and secure SSCS journey throughout the software supply chain lifecycle.”

Establishing visibility across software supply chain has become vital in a hyper connected world and also enables in establishing effective measures to address risks associated with software products and components and its supply chain” said Atul Gupta, Partner and Leader – Cyber Security and Digital Trust, KPMG in India. “Lineaje provides us with a solution that complements our capabilities, by providing a vital advanced technology platform, to proactively identify and mitigate security risks associated with the software supply chain lifecycle. We collectively aim to provide a comprehensive solution to address software supply chain risks” added Gupta.

“Developers and security teams do not have X-Ray vision to see inside the components and dependencies of software they buy. This lack of real-time visibility has made spotting software supply chain attacks in advance nearly impossible. As a result, these incidents continue to dominate the cybersecurity landscape,” said Javed Hasan, CEO, and co-founder, Lineaje. “The Lineaje TPRM facilitates the secure request and collection of SBOMs from third-party vendors, ensuring a robust and confidential process for obtaining crucial software component information. Together with KPMG in India’s capabilities, the joint solution can address the dangers in third-party software quickly to effectively secure software supply chains and put organizations in a better position for a safer digital future.”

The joint offering by KPMG in India and Lineaje will also help software product manufacturers to meet regulatory requirements such as EO-14028, DHS Software Supply Chain Risk Management Act 2021, FDA, NCSC – Supply Chain Security Guidance, ENSIA, DORA, CRA, SEBI, ACSC Cyber Supply Chain Risk Management Guidelines, MAS etc., thereby helping build a secure supply chain security program.

About Lineaje

Lineaje provides Continuous Software Supply Chain Security Management to companies that build or use software. Destructive supply chain attacks, undetectable by existing cybersecurity tools, are growing rapidly, impacting thousands of companies through a single compromise. Lineaje secures companies from these attacks. Lineaje SBOM360 allows companies to centrally manage their entire software supply chain, which consists of applications they build or buy, thereby allowing them to govern SBOMs at an enterprise-wide level. SBOM360 also enables compliance with US Executive order 14028 and other international regulations that control the procurement of third-party software by federal agencies, defense departments and other government organizations.

About KPMG in India

KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada.

KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment.