In this session, we will introduce practical methods for supply chain security with an eye toward compliance with UN-R155/156 and ISO/SAE 21434. OEMs and Tier-1s face the challenge of verifying supplier deliverables. In response to this challenge, this session will introduce a method for visualizing security risks throughout the supply chain using Karamba Security's binary analysis tool, VCode. Specifically, based on the results of penetration tests conducted by Karamba for automotive suppliers, we will report on the trends and impact of vulnerabilities actually detected, such as unsigned firmware, encryption keys stored in plain text, and UDS implementation errors. We will also present case studies to demonstrate the risk reduction benefits and implementation benefits of automated verification using VCode.