Reading the latest Information Week article by J. Nicholas Hoover, titled "Securing The Cyber Supply Chain", I am wondering whether a trusted supply chain model for cyber security can give an advantage to large enterprises that handle the entire supply chain for their products.
While the reference assurance model designed by SAIC and the Robert H. Smith School of Business (University of Maryland) is commendable, I still have this lingering doubt about the undue advantage that well-established, vertically integrated companies (or a partnership/alliance) have.
On the flip side, though, the threat is big. Ensuring a trusted ecosystem for critical systems in Government, Financial Institutions and National Security is a herculean task. So the reference model is certainly a good positive step. But will it be harsh on smaller players? Maybe I am missing something.