Heavy Strategy

HS116: Nth-Party Risk May Put You on the (Block) Chain Gang

Nov 11, 2025
Dive into the complex world of nth-party risks and how they ripple through modern supply chains. Discover the implications of recent Salesforce breaches and the rise of agentic AI in managing these hidden dangers. The conversation reveals the need for blockchain as a solution for tracking software changes and ensuring accountability. Explore the challenges of standards and the role of government procurement in driving adoption. The hosts debate the balance between speed and responsible risk management in the face of evolving technology.
INSIGHT

Nth-Party Risk Defined And Illustrated

  • "Nth-party risk" describes risks from suppliers, suppliers' suppliers, and so on ad infinitum across software, cloud, and services.
  • John Burke links current incidents (e.g., Salesforce breaches affecting Adidas and Google) to cascading fourth-party risks.
INSIGHT

Dynamic Software Supply Chains Are Risky

  • Supply chain risk is familiar in hardware but under-considered in dynamic software and cloud ecosystems.
  • Johna Till Johnson warns that frequent software updates can introduce vulnerabilities at any time, so trust isn't once-and-done.
ADVICE

Avoid Relying On Annual Audits

  • Don't rely on annual audits to capture supply-chain state because suppliers and configurations change constantly.
  • Monitor supply chains continuously and plan for frequent reassessments rather than one-off checks.
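The following is an added example, not code from the Heavy Strategy podcast or its hosts, illustrating two points from the episode notes: the advice to reassess the supply chain continuously instead of relying on an annual audit, and the idea of a tamper-evident record of software changes for accountability. It compares two dependency snapshots to report drift, and appends each reassessment to a hash-chained log so that silently rewriting earlier records becomes detectable. The snapshots and package names are constructed for illustration; the log is a plain hash chain (it only proves history was not rewritten, it does not decide who may append), and the `{name: version}` snapshot shape is an assumption standing in for whatever a lockfile or SBOM parser would produce.

```python
"""
Dependency-drift monitor with a tamper-evident snapshot log.

Added example (not code from the Heavy Strategy podcast or its hosts).
It assumes dependency snapshots are available as {name: version} maps,
e.g. parsed from a lockfile or SBOM; the sample snapshots below are
constructed for illustration and name no real packages or releases.
"""
import hashlib
import json
from dataclasses import dataclass, field

# Constructed sample snapshots: what the supply chain looked like at the
# annual audit versus a few weeks later.
AUDIT_SNAPSHOT = {
    "webframework": "4.2.0",
    "httpclient": "2.31.0",
    "yamlparser": "6.0",
}
CURRENT_SNAPSHOT = {
    "webframework": "4.2.7",   # patched in place since the audit
    "httpclient": "2.31.0",    # unchanged
    "telemetry-sdk": "1.0.3",  # a transitive dependency nobody approved
}


def diff_snapshots(old, new):
    """Return added, removed and changed packages between two snapshots."""
    added = {n: v for n, v in new.items() if n not in old}
    removed = {n: v for n, v in old.items() if n not in new}
    changed = {n: (old[n], new[n]) for n in old.keys() & new.keys() if old[n] != new[n]}
    return added, removed, changed


def canonical_digest(snapshot):
    """SHA-256 over a canonical JSON encoding so key order cannot alter the hash."""
    encoded = json.dumps(snapshot, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def _entry_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


@dataclass
class SnapshotLog:
    """Append-only log in which each entry commits to the previous entry's hash.

    This is a plain hash chain, not a distributed ledger: it makes silent
    rewriting of history detectable, but says nothing about who may append.
    """
    entries: list = field(default_factory=list)

    def append(self, snapshot, reviewer):
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        body = {"snapshot_hash": canonical_digest(snapshot), "reviewer": reviewer, "prev": prev}
        entry_hash = _entry_hash(body)
        self.entries.append({**body, "entry_hash": entry_hash})
        return entry_hash

    def verify(self):
        """True if every entry's hash and back-link to its predecessor are intact."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: e[k] for k in ("snapshot_hash", "reviewer", "prev")}
            if e["prev"] != prev or _entry_hash(body) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def assess(log, old, new, reviewer):
    """Record a reassessment in the log and return the drift it found."""
    added, removed, changed = diff_snapshots(old, new)
    log.append(new, reviewer)
    return {"added": added, "removed": removed, "changed": changed}


if __name__ == "__main__":
    log = SnapshotLog()
    log.append(AUDIT_SNAPSHOT, "annual-audit")
    report = assess(log, AUDIT_SNAPSHOT, CURRENT_SNAPSHOT, "weekly-check")
    print(json.dumps(report, indent=2))
    print("log intact:", log.verify())
```

Run against real input by replacing the constructed snapshots with the output of your lockfile or SBOM parser and scheduling `assess` on whatever cadence your change rate demands; the drift report is what an annual audit would have missed, and `verify` fails if any earlier entry was edited after the fact.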