I read an interesting post on electronic imports that could contain security threats. I can only speak from the software perspective, but I can say that most customers I’ve dealt with usually integrate some sort of software security audit process with any 3rd-party integrator and from my experience that means adopting static analysis. How many organizations are there that haven’t jumped on board with static analysis? Probably more than I can count.
It would be very interesting to hear of some of the Armed Services and Intelligence cyber threats that the government has not publicly disclosed. That might be an eye opener.