Which of the following best describes the potential security risk associated with vendors within the supply chain?
Vendors are primarily responsible for securing their own network, so they pose little risk to an organization's supply chain.
Vendors may introduce vulnerabilities into systems through unauthorized code in updates.
Vendors are typically immune to social engineering, reducing the risk to supply chain security.
Vendors regularly issue incorrect patches that can be ignored without risk to an organization.