SUPPLY-CHAIN-EDI
Securing the chain — software (dependencies) AND commercial (partners).
Definition
EDI risks: (1) upstream dependency attack (log4shell, Solarwinds-style), (2) compromised commercial partner sending fake POs, (3) DUNS spoofing with business impersonation. Countermeasures: SBOM + SLSA for software supply chain, partner verification via X.509 + business validation for commercial supply chain.
Origin
Focus area since 2020-2021 following Solarwinds and Log4Shell attacks.
Example in context
An EDI programme monthly checking dependency SBOMs and OFAC sanctions list against its partners.