Paper promises don’t patch supply chain vulnerabilities

Join the Aspen Policy Academy mailing list to learn more about us and our fellows (you’ll receive one email a week).

{"action":"swipe","clientId":"d86babba-dc52-40eb-9ec9-7dff058f458a","controls":["submits"],"property":"newsletter","recipients":"","receipts":"","rules":[],"subject":""}

{"type":"email","format":[{"label":"month"},{"label":"day"},{"label":"year"},{"label":"hour"},{"label":"minute"}],"filetypes":[],"options":[],"title":"Email Address","description":" ","placeholder":"","helper":false,"abilities":["required"],"beacons":[],"preset":"","identifier":"email_address","evaluate":[],"minimum":0,"maximum":200,"expression":"^[a-zA-Z0-9.]{2,}@[a-zA-Z0-9]{3,}\\.[A-Za-z]{2,}$","count":1}

Email Address

{"type":"input","format":[{"label":"month"},{"label":"day"},{"label":"year"},{"label":"hour"},{"label":"minute"}],"filetypes":[],"options":[],"title":"First Name","description":" ","placeholder":"","helper":false,"abilities":["required"],"beacons":[],"preset":"","identifier":"first_name","evaluate":[],"minimum":0,"maximum":200,"expression":"(.|\\n){1,}?","count":1}

First Name

{"type":"input","format":[{"label":"month"},{"label":"day"},{"label":"year"},{"label":"hour"},{"label":"minute"}],"filetypes":[],"options":[],"title":"Last Name","description":" ","placeholder":"","helper":false,"abilities":[],"beacons":[],"preset":"","identifier":"last_name","evaluate":[],"minimum":0,"maximum":200,"expression":"(.|\\n){1,}?","count":1}

Last Name

{"type":"check","format":[{"label":"month"},{"label":"day"},{"label":"year"},{"label":"hour"},{"label":"minute"}],"filetypes":[],"options":[{"label":"I want to learn how to change policy"},{"label":"I am a journalist"}],"title":"Focus","description":"Description of field","placeholder":"","helper":false,"abilities":["multiple"],"beacons":[],"preset":[],"identifier":815016107,"evaluate":[],"minimum":0,"maximum":200,"expression":"(.|\\n){1,}?","count":1}

Focus

Description of field

{"type":"check","format":[{"label":"month"},{"label":"day"},{"label":"year"},{"label":"hour"},{"label":"minute"}],"filetypes":[],"options":[{"label":"Washington DC area"},{"label":"New York City area"},{"label":"San Francisco Bay area"},{"label":"Los Angeles area"},{"label":"I'm in another location"}],"title":"Select your location","description":"Description of field","placeholder":"","helper":false,"abilities":[],"beacons":[],"preset":[],"identifier":475628370,"evaluate":[],"minimum":0,"maximum":200,"expression":"(.|\\n){1,}?","count":1}

Select your location

Description of field

Thank you for signing up! Keep an eye on your inbox for our next weekly newsletter!

{"abilities":[],"action":"stack","className":"","columns":3,"controls":[],"exclude":[],"include":[{"custom.menu":"header-menu"}],"maximum":6,"property":"header","orders":["date","title","menu_order","post_type","post__in"]}

{"abilities":[],"action":"stack","className":"","columns":3,"controls":[],"exclude":[],"include":[{"custom.menu":"header-menu"}],"maximum":6,"property":"mobile","orders":["date","title","menu_order","post_type","post__in"]}

Paper promises don’t patch supply chain vulnerabilities

Article Published January 28, 2026

This article originally appeared on SC Media on January 28, 2026.

By Daniel Bardenstein

Washington has spent years trying to improve federal software supply chain security with a familiar tool: paperwork. The instinct was right. After major supply chain shocks, the federal government wanted to push responsibility upstream—toward the companies that build and ship software—rather than leaving every agency, system owner, and taxpayer to absorb the cost of insecure defaults. That’s the backbone of Secure by Design: the industry should build security into products, not bolt them on after deployment.

Read the Full Article

{"abilities":[],"action":"swipe","className":"wide","columns":3,"controls":["arrows"],"exclude":[{"starter.postid":"28603"}],"filters":[],"include":[{"starter.termid":"111"},{"starter.termid":"120"},{"starter.termid":"231"}],"maximum":6,"meta":[],"property":"box","searching":"","sorts":[{"ordering.label":"date","evaluation.label":"\u2193","display":"Most Recent","label":"date \u2193 Most Recent"}],"sorting":[{"ordering.label":"date","evaluation.label":"\u2193","display":"Most Recent","label":"date \u2193 Most Recent"}],"orders":["date","title","menu_order","post_type","post__in","relevance"],"filtering":"","refiner":false,"total":57}

Aspen Policy Academy

Paper promises don’t patch supply chain vulnerabilities

Browse Related Articles

In Pentagon-Anthropic standoff, AI is real-time testing the balance of power in future of warfare

How to Manage Misinformation in Large Language Models

The Spy Next Door: Are Smart Doorbells Building a Surveillance State?