
Most organisations face software supply chain issues, finds report

Written by Fri 5 Jul 2024


In a survey of 900 application security professionals, cloud-native application security company Checkmarx found that almost two-thirds (63%) of organisations have faced a software supply chain compromise in the past two years.

In its ‘2024 State of Software Supply Chain Security’ report, Checkmarx found that 56% of organisations’ applications comprise source code packages, and 75% of respondents said they were either very concerned (39%) or concerned (36%) about supply chain security.

Chief Marketing Officer at Checkmarx, Amit Daniel, said software supply chain security has become an active target of government regulatory and cybersecurity agencies and is ‘top of mind for over half of global enterprises we surveyed’.

“It is critical for CISOs and security leaders to make it easier for developers to understand the new risks and secure their entire software supply chain. ‘Malicious’ is much more than vulnerable,” said Daniel.

Daniel added that the company has seen more attacks on the open source ecosystem in the last two years than ever before, with 385,000 malicious packages detected to date by its security team.

Challenges and Prioritisation in AppSec

The report revealed a gap between prioritisation and effective action in security. While 57% of AppSec leaders reported that software supply chain security is either a top priority or a significant area of focus, only 54% are currently planning to use, or investigating, solutions to enhance their security posture.

Half of the respondents are actively requesting software bills of materials (SBOMs) from their vendors, seeking greater transparency and security assurances. However, less than half of these organisations knew how to effectively leverage SBOMs when needed, pointing to a need for better education and tools to use these resources effectively.

Checkmarx’s findings are based on the responses of 900 CISOs and application security professionals in North America, Europe and Asia-Pacific, at organisations with annual revenue of £586 million ($750 million) or more.

In February, analyst firm Gartner reported that almost half (45%) of organisations are expected to have experienced an attack on their software supply chain by 2025, illustrating the widespread impact of such cyberattacks.
