Beyond Shadow IT: Understanding the True Attack Surface of Your Software
Description
This week's episode dives deep into the concept of shadow exposure and how it relates to third-party software, often overlooked in discussions about shadow IT. We explore the historical context of shadow IT, its evolution, and the real risks associated with widely deployed enterprise software that organizations may not fully understand.

Join us as we discuss:
- The origins and implications of shadow IT
- The challenges of visibility and transparency with third-party vendors
- Real-world examples of vulnerabilities in critical software, including ServiceNow and IBM's ASPR Fastback
- The limitations of security questionnaires and self-attestation processes
- The importance of proactive security measures and effective disclosure processes

We also share insights from our security research team and discuss how organizations can better manage their attack surfaces to mitigate risks associated with shadow exposure.

For more details about Assetnote's Attack Surface Management Platform, visit https://assetnote.io/
More Episodes
Running an effective bug bounty program requires balancing an attractive scope and payout to hunters with an attack surface that challenges hunters to do more than automated scans. Program managers want to pay for skillful findings, not automated ones. In this episode, we talk about how ASM helps...
Published 10/10/24
In this episode, we discuss the blindspots of IP-centric approaches to asset discovery and the importance of understanding the full attack surface of an organization. We unpack the challenges posed by modern cloud architectures, load balancers, and WAFs, and how these can create blind spots in...
Published 10/02/24