DevSecOps is a buzzword right now. And security automation should be baked into the development process. But it doesn't deliver continuity of assurance for software that isn't built every day. And it leaves customers of third party software, including vendor products and contractor deliverables - in the blind. This talk will address how to maintain continuity of assurance for suppliers, and how to automate third party risk management on an ongoing basis.