Software supply chains are becoming a worrying weak link for firms of all sizes

All companies that use open source code in their software are at risk of supply-chain attacks, regardless of their size or industry they’re in, new research has warned.

A report from cybersecurity experts Checkmarx claims despite the grim outlook, things are looking up for application security (AppSec) leaders.

To draft its 2024 State of Software Supply Chain Security report, Checkmarx surveyed 900 AppSec professionals in the US, Europe, and Asia-Pacific – but all of them – 100% – claimed to have experienced a software supply chain attack at some time in the past.

Understanding new risks

While this definitely isn’t good news, the trend in the last two years shows promise. While almost two-thirds (63%) reported falling victim within the past two years, less than a fifth (18%) suffered such an attack within the past year.

The news is worrisome, and AppSec pros are aware of it. Three-quarters (75%) said they were either very concerned (39%) or concerned (36%) about the risks. However, they’re not sitting idly. While in more than half (56%), organizational applications contain open-source packages, 57% said software supply chain security was a “top”, or “significant” area of focus.

More than half (54%) are planning to use, or are currently investigating, a potential solution, while 50% are requesting software bills of materials from their vendors.

For Amit Daniel, Chief Marketing Officer at Checkmarx, it’s critical for CISOs and security leaders to make it easier for developers to understand the new risks and secure their entire software supply chain.

“‘Malicious’ is much more than vulnerable. We have seen more attacks on the open source ecosystem in the last two years than ever before with over 385,000 malicious packages detected to date by our own Checkmarx security research team” Daniel said. “Software supply chain security has become an active target of government regulatory and cybersecurity agencies and is top of mind for over half of global enterprises we surveyed.”

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/23q9sr2n5pzV3Vbed9S9UX-1200-80.jpg

Source link

Microsoft closes all physical shops in mainland China

3 movies new to Prime Video with 90% or higher on Rotten Tomatoes

Early Prime Day monitor deals are now live — grab a touchscreen display from only $39.99

Next-gen contactless payments are coming to iPhones and Android – here’s what’s new

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

KeyBanc drops Reliance Steel & Aluminum shares target, cites tempered carbon steel By Investing.com

Ford sales Q2 2024 edge 1% higher

fitch on larsen & toubro: Fitch assigns ‘BBB+’ rating on Larsen & Toubro; outlook stable

Spain to crack down on holiday rentals to address housing crisis By Reuters

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Software supply chains are becoming a worrying weak link for firms of all sizes

KeyBanc drops Reliance Steel & Aluminum shares target, cites tempered carbon steel By Investing.com

Ford sales Q2 2024 edge 1% higher

fitch on larsen & toubro: Fitch assigns ‘BBB+’ rating on Larsen & Toubro; outlook stable

Microsoft closes all physical shops in mainland China

Leave a reply Cancel reply