Schneider Electric’s Crossley Calls for Enhanced Supplier Evaluation and Ongoing Risk Assessment
The rising frequency of software supply chain attacks has revealed significant vulnerabilities in application security approaches. Many organizations are still employing outdated testing practices and are not effectively monitoring risks associated with open-source components.
According to Cassie Crossley, Vice President of Supply Chain Security at Schneider Electric, businesses need to adopt secure-by-design methodologies, utilize robust open-source components, and infuse risk awareness throughout the software development lifecycle.
Crossley emphasized the necessity of assessing the security posture of both internal processes and external suppliers. “Software developers often lack cybersecurity training, particularly in secure design principles,” she noted. This underscores the need for secure coding practices to extend to containers, build environments, and deployment frameworks.
She advocates implementing the NIST Secure Software Development Framework alongside ISO-certified disclosure protocols. Better tooling is crucial for integrating software bills of materials and conducting continuous risk assessment: recent advances in artificial intelligence have improved visibility, but feeding those insights into asset and risk management systems remains a challenge.
During a video interview with Information Security Media Group at Nullcon Goa 2025, Crossley elaborated on several important issues, including the critical need for strong coding practices among startups that may not have established formal security programs.
She also discussed the ongoing difficulties in bridging the communication gaps among Chief Information Security Officers, supply chain leaders, and other relevant teams, as well as the urgent need to prioritize the analysis of internet-facing assets and identifiable exploitable vulnerabilities.
Crossley is a distinguished cybersecurity executive with extensive expertise in information technology, product development, and supply chain security. She is the author of “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware,” and brings years of leadership experience in cybersecurity, application security, and data privacy to her role.