Within the all-round digital transformation, every company relies on a multitude of third-party vendors, adding to difficult-to-manage third-party risk. Their services contain code that always has vulnerabilities, which puts their users, industries, societies, and countries at risk. Will there be a global policy response? Is fixing common cybersecurity vulnerability even possible at all?