The survey highlights that 78% of organizations plan to increase their use of SBOMs. Compliance is a key driver of software supply chain hardening: organizations must meet an average of 4.9 government regulations and standards.
Anchore today released its third report of executive insights into managing software supply chain security practices. The Anchore 2024 Software Supply Chain Security Report found that 76% of respondents prioritize software supply chain security as the effects of software supply chain attacks intensify; 21% of respondents who had been victims of a supply chain attack reported a significant impact on their organization. As incidents like SolarWinds, the XZ Utils backdoor, and Log4j grow more sophisticated, remediation expenses, the risk of financial losses, and reputational damage all rise. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.
Visibility into Open Source Software Remains a Challenge
The survey shows that organizations struggle to verify the security of open source and third-party software. Only 1 in 5 respondents are confident that they fully understand all the components and dependencies in their software. In response, 78% of organizations plan to increase their use of SBOMs in the next 18 months, and 32% plan to increase SBOM use significantly.
Compliance Emerges as a Key Driver in Software Supply Chain Security Initiatives
Survey respondents report compliance as a key driver of software supply chain security initiatives. Organizations now comply with an average of 4.9 regulations and standards, and 35% report that complying with government regulations and standards takes significant effort.
Highlights of the report include:
- 76% say that software supply chain security is a significant or top priority.
- 59% of organizations have a cross-functional or dedicated team focused on software supply chain security.
- Only 21% are very confident they have visibility into all open source dependencies.
- 78% plan to increase their use of SBOMs in the next 18 months.
- 77% are concerned about the impact of embedded AI libraries on their software supply chain security.
“Mounting software supply chain risk is driving organizations to take action. This report shows a 200% increase in organizations making software supply chain security a top priority and growing use of SBOMs,” said Josh Bressers, vice president of security at Anchore. “While we’ve seen a lot of data highlighting the threat landscape, this survey offers a different perspective into the experiences and practices of the organizations that are the targets of software supply chain attacks. We’re able to see how organizations are responding internally to those threats.”