Software supply chain security has serious ramifications for teams in charge of installing software in connected cars. Real-world risks to drivers and systems can arise from a vulnerable update. One major automaker has changed the way it approaches platform engineering and security in light of those stakes.
The company views supply chain security as an infrastructure issue that needs to be resolved at the platform level rather than assigning accountability to specific development teams. To delegate security decision-making away from individual developers and integrate it directly into the platform, the company created an internal developer platform. He asserts that "security is always the first-class citizen."

## Assessing Effects Outside of Compliance

Reduced engineering effort waste is one of the platform approach's most obvious results.
Prior to the platform's implementation, teams spent too much time looking into problems that weren't always pertinent or even exploitable, and developers were asked to fix vulnerabilities without enough context. The company has decreased team-to-team duplication of effort by centralizing vulnerability analysis and remediation. According to Saxena, the engineering time returned to the teams shows the payoff.




