peter bassill · operator
$ grep -l "tag:supply-chain" writing/

tag: supply chain.

6 pieces tagged supply chain, newest first. The full taxonomy is on the tag index.

2026·03·03 DeepSeek and the supply chain of intelligence Post 19 of the AI series. The open-weight reasoning models from DeepSeek and others have changed the supply chain of intelligence. The provenance, licensing, and operational properties of the models you run are now a cyber security question worth taking seriously. ai · supply chain · provenance · series 7 min 2026·01·17 SolarWinds at five Five years on from the disclosure of the SolarWinds Orion compromise, what actually changed in how UK boards think about third-party software risk — and what did not. A practitioner's retrospective on the case study that defined the decade. supply chain · governance · ned · retrospective 8 min 2026·01·10 The supplier underneath the supplier Three disclosures last month tell the same story from three angles: NHS England's tech provider, an NHS GP software supplier, and the Foreign Office. None of them is the headline brand. All of them are where the actual attack surface lives. supply-chain · third-party · governance · cni 6 min 2025·12·20 Where I trusted, where I didn't Post three of six on the Covert Cyber Deck. The supply chain decisions behind the build — why I chose the parts I chose, why I rejected several I considered, and why I ended up drawing the carrier PCB myself rather than buying one. cyberdeck · supply-chain · craft · sovereignty 7 min 2024·08·20 CrowdStrike: cyber resilience without a bad actor Four weeks after the CrowdStrike Falcon update that took 8.5 million Windows machines offline, the post-mortem is in. The interesting question is not what CrowdStrike did wrong. It is what the rest of us did wrong by assuming this kind of event could not happen. resilience · supply chain · ned · governance 7 min 2022·01·12 Log4Shell, and the inventory question we cannot keep ducking A month on from CVE-2021-44228, the headline-grabbing exploits have slowed but the underlying problem has not. The discomfort of the past month was not really about Log4j. It was about how few firms could answer the question 'where is it running?' vulnerability · supply chain · governance · craft 7 min

all tags  ·  all writing