Reevaluating Security in the Software Supply Chain


Cyfinoid’s Shrivastava Advocates for Enhanced Transparency in Software Security Risks

Anant Shrivastava, Founder & Chief Researcher, Cyfinoid Research

Despite the crucial importance of software supply chain security, many organizations approach it with a limited perspective, primarily emphasizing code dependencies and Software Bill of Materials (SBOMs). However, significant vulnerabilities can stem from neglected components including developer tools, browser extensions, and cloud infrastructure, which are integral to the software development, deployment, and maintenance processes.


Anant Shrivastava, the founder and chief researcher at Cyfinoid Research, emphasizes that the current lack of comprehensive visibility into these domains is a considerable risk. While SBOMs serve as a beneficial starting point, they often overlook the more complex, interconnected ecosystems and third-party services critical to an organization’s software lifecycle.

“An SBOM is not a security solution—it’s merely an inventory,” Shrivastava remarks. “The question we must ask is how we can utilize this inventory to address challenges beyond just security concerns.”

In a recent video interview with Information Security Media Group at Black Hat USA 2025, Shrivastava further elaborated on various aspects of software supply chain security, focusing on the broader risks involved, tracking challenges, and available tools for enhancing visibility and management in software supply chains.

Shrivastava brings over 15 years of corporate experience in information security to his role. As a frequent speaker and trainer at international conferences, he remains an influential voice in the industry, driving awareness and discussion around the urgent need for improved software security practices.
