How Fortune 500s Are Using Procurement to Manage Vendor Software Supply Chain Security
Enterprise Tech with Fexingo: Fortune 500 Software, Procurement, and Large-Account Sales · 2026-06-18 · 11 min
Episode notes
In episode 58 of Enterprise Tech with Fexingo, Lucas and Luna dive into a critical but often overlooked area of enterprise software procurement: vendor software supply chain security. They explore how Fortune 500 companies are now requiring vendors to provide a software bill of materials, or SBOM, as part of the procurement process. Lucas explains why the SolarWinds attack was a turning point, and shares how a single vulnerability in a third-party component can cascade through the entire supply chain. They discuss real-world examples like the Log4j vulnerability and how it reshaped procurement checklists, including contractual clauses for patching SLAs. Luna challenges whether smaller vendors can realistically comply, and Lucas outlines the tiered approach large buyers are taking. The episode also touches on the rise of vulnerability disclosure requirements and how procurement teams are now coordinating with CISOs earlier in the vendor evaluation process.