In recent years, the frequency of software supply chain attacks has escalated, revealing significant shortcomings in current application security strategies. Many companies continue to depend on outdated testing methods and struggle to effectively monitor vulnerabilities associated with open-source software. Cassie Crossley, the vice president of supply chain security at Schneider Electric, emphasizes the necessity for organizations to adopt secure-by-design practices, utilize mature open-source components, and integrate risk awareness throughout the software development process.
Crossley highlights the importance of assessing both internal processes and supplier security postures to bolster defenses. She points out a gap in cybersecurity training among software developers, which is crucial for implementing secure coding practices. These practices should encompass protection for containers, build environments, and deployment systems. She advises organizations to follow frameworks like the NIST Secure Software Development Framework alongside ISO-certified disclosure policies to enhance their security measures.
Moreover, Crossley advocates for the adoption of advanced tools capable of processing software bills of materials (SBOMs) and conducting continuous threat analysis. Although artificial intelligence has enhanced visibility, it still needs to be integrated into asset and risk management systems. This approach aims to build a more robust security infrastructure that can identify and mitigate potential threats before they are exploited.
In a video interview at Nullcon Goa 2025 with the Information Security Media Group, Crossley elaborated on the critical role of secure coding practices, particularly for startups lacking formal security programs. She underscored the ongoing challenges in bridging communication gaps between chief information security officers (CISOs), supply chain leaders, and other key teams. Additionally, she stressed the importance of prioritizing the analysis of internet-facing assets and known exploitable risks.
Crossley brings a wealth of expertise as an accomplished cybersecurity technology executive. With extensive experience in information technology, product development, supply chain security, and data privacy, she is also the author of “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware.” Her insights and leadership continue to guide organizations in fortifying their security frameworks against evolving threats.
