Software supply chains are becoming a worrying weak link for firms of all sizes

All companies that use open source code in their software are at risk of supply-chain attacks, regardless of their size or industry they’re in, new research has warned.

A report from cybersecurity experts Checkmarx claims despite the grim outlook, things are looking up for application security (AppSec) leaders.

To draft its 2024 State of Software Supply Chain Security report, Checkmarx surveyed 900 AppSec professionals in the US, Europe, and Asia-Pacific – but all of them – 100% – claimed to have experienced a software supply chain attack at some time in the past.

Understanding new risks

While this definitely isn’t good news, the trend in the last two years shows promise. While almost two-thirds (63%) reported falling victim within the past two years, less than a fifth (18%) suffered such an attack within the past year.

The news is worrisome, and AppSec pros are aware of it. Three-quarters (75%) said they were either very concerned (39%) or concerned (36%) about the risks. However, they’re not sitting idly. While in more than half (56%), organizational applications contain open-source packages, 57% said software supply chain security was a “top”, or “significant” area of focus.

More than half (54%) are planning to use, or are currently investigating, a potential solution, while 50% are requesting software bills of materials from their vendors.

For Amit Daniel, Chief Marketing Officer at Checkmarx, it’s critical for CISOs and security leaders to make it easier for developers to understand the new risks and secure their entire software supply chain.

“‘Malicious’ is much more than vulnerable. We have seen more attacks on the open source ecosystem in the last two years than ever before with over 385,000 malicious packages detected to date by our own Checkmarx security research team” Daniel said. “Software supply chain security has become an active target of government regulatory and cybersecurity agencies and is top of mind for over half of global enterprises we surveyed.”

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/23q9sr2n5pzV3Vbed9S9UX-1200-80.jpg

Source link

Quordle hints and answers for Friday, April 3 (game #1530)

NYT Connections hints and answers for Friday, April 3 (game #1027)

NYT Strands hints and answers for Friday, April 3 (game #761)

3 of the biggest new Netflix shows arriving in April 2026

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

The 20 Strongest Dragons in ‘How to Train Your Dragon,’ Ranked by Power

‘Any Update Is a Bonus Not a Right’ Says Peak Dev in Response to ‘Lazy Dev Cycle’ Accusations

Did Gucci Mane Get Kidnapped? Where He Is Now Amid Pooh Shiesty News – Hollywood Life

Paramount’s Jeff Shell In Talks To Exit As President

Daphne Karydas, director at Mineralys, sells $75,000 in MLYS stock

Mativ Holdings announces resignation of Group President Ryan Elwart

Form 144 FIGS For: 2 April

American Well board member Peter Slavin to resign following annual meeting

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Software supply chains are becoming a worrying weak link for firms of all sizes

Quordle hints and answers for Friday, April 3 (game #1530)

The 20 Strongest Dragons in ‘How to Train Your Dragon,’ Ranked by Power

Daphne Karydas, director at Mineralys, sells $75,000 in MLYS stock

NYT Connections hints and answers for Friday, April 3 (game #1027)