In the recent SolarWinds hack, the routine task of downloading a software update turned into a cybersecurity nightmare for over 18,000 organizations including the Treasury Department, AT&T and up to 85% of Fortune 500 companies. See Jason Murdock, Who Has Been Affected by the Huge SolarWinds Cyberattack So Far?, Newsweek, Dec. 18, 2020. State sponsored hackers broke into SolarWinds and installed malware in its Orion software update, which gave the hackers back door access to the networks of thousands of customers who installed the update. One constructive outcome of that incident is that it has prompted many businesses to reexamine their vendor risk assessment practices.