Law and Security Merge as Supply Chain Regulations Multiply: RSA Panelists

Contract renewal timelines at large companies can run three years, making last-minute compliance impractical.

Photo: (from left) Kate Growley, a partner at Crowell & Moring LLP (moderator); Katherine McDaniel, director of cyber legal at T-Mobile; Chris Hale, senior director for cyber and national security law at Cisco Systems; and Cassie Crossley, chief executive of VulNow, speak on a panel about supply chain security at the RSA Conference in San Francisco on Wednesday, March 25, 2026.

SAN FRANCISCO, March 26, 2026 — Software vulnerabilities, hardware blind spots, and an expanding web of global regulations are redefining how companies must manage their supply chains, legal and security executives told the RSA Conference here on Wednesday.

The attack surface

Supply chains are more digitalized and more complex than ever, expanding the attack surface and multiplying individual points of failure, said Cassie Crossley, chief executive of VulNow, a cybersecurity vulnerability detection startup.

Just this week, a software supply chain attack compromised Trivy, an open-source vulnerability scanning tool used in AI development pipelines, Crossley said. Developers have been compromised again, she said, and the full extent of what was stolen remains unknown.
