[Verse 1]
Vendors mask their supply chains deep
Third-party secrets buried steep
COTS solutions sparkle bright
But origins vanish from our sight
Commercial shelves hold hidden tales
Of factories where transparency fails

[Chorus]
Twelve categories, memorize the frame
Counterfeiting, malware, not the same
Insertion, substitution, tampering too
Data exposure, failure, breaking through
Twelve pathways where the dangers creep
Third-party secrets hide away so deep

[Verse 2]
Non-developmental items seem secure
But provenance remains obscure
DoD memo cuts through vendor fog
Demands a comprehensive log
ICT procurement gets new rules
No more relying on basic tools

[Chorus]
Twelve categories, memorize the frame
Counterfeiting, malware, not the same
Insertion, substitution, tampering too
Data exposure, failure, breaking through
Twelve pathways where the dangers creep
Third-party secrets hide away so deep

[Bridge]
Recycled components, legacy code
Obsolescence down the road
Theft of data, disruption plans
Slipping through supplier hands
Every circuit tells a story
Hidden in its inventory

[Verse 3]
SCRM framework maps the threat terrain
Each category breaks the chain
Acquisition teams must probe and test
Commercial promises put to rest
Documentation requirements grow
Suppliers must reveal what they know

[Final Chorus]
Twelve categories, now you know the game
Risk assessment breaks the vendor claim
Map each danger to its proper slot
Miss a category, miss the plot
Pentagon's memo clears the sweep
Third-party secrets can't hide deep

[Outro]
COTS and NDI transparency
Taxonomy brings us clarity