Classical supply chain practices are quite mature at measuring risk to an enterprise, but only along certain legacy dimensions—supplier ability to perform, deliver on time, business stability and others. However, in light of today's security breaches, it's clear that a security assurance dimension must be added to these practices, both for software and for hardware components.