As the cyber landscape evolves and external dependencies grow more complex, managing risks attributable to exploitable software includes requirements for security and quality, with ‘sufficient’ test regimes throughout the software supply chain. The Internet of Things (IoT) is contributing to a massive proliferation of many types of software-reliant, connected devices throughout critical infrastructure. With IoT increasingly dependent upon third-party software, software composition analysis and other forms of testing are used to determine the ‘fitness for use’ and trustworthiness of assets. Standards for measuring and sharing information about software security and quality are used in tools and services that detect weaknesses and vulnerabilities. Test and certification programs provide a means by which organizations can reduce risk exposures attributable to exploitable software. Ultimately, addressing software supply chain dependencies and leveraging high-assurance test regimes enable enterprises to provide more responsive mitigations.