Protecting both sides of the software supply chain (vendor/customer) requires tools and processes specific to each party. Consumers use NIST compliant Cyber Supply Chain Risk Management (C-SCRM) methods and tools combined with NTIA Software Bill of Materials (SBOM) to proactively perform a comprehensive software risk assessment, before any attempt to install a software package. This prevents Ransomware and other forms of malware from getting a foothold in a digital ecosystem, where it can carry out it's nefarious deeds. An SBOM also enables the ongoing monitoring of risks and vulnerabilities that may arise, after a software product has been installed, providing consumers visibility to new risks, reactively.