A number of excessive profile software program provide chain safety incidents over the previous couple of years have put extra of a highlight on the necessity to have visibility into the software program provide chain. Nonetheless, it appears as if these efforts might not be resulting in the specified outcomes, as a brand new survey discovered that just one out of 5 organizations imagine they’ve that visibility into each element and dependency of their software program.
The survey, Anchore’s 2024 Software program Provide Chain Safety Report, additionally discovered that lower than half of respondents are following provide chain finest practices like creating software program bill-of-materials (SBOMs) for the software program they develop (49% of respondents) or for open supply tasks they use (45%) of respondents. Moreover, solely 41% of respondents request SBOMs from the third-party distributors they use. Regardless of these low numbers, it is a vital enchancment from 2022’s survey, when lower than a 3rd of respondents had been following these practices.
The report discovered that 78% of respondents are planning on growing their use of SBOMs within the subsequent 18 months, and 32% of them plan to considerably improve use.
“The SBOM is now a important element of software program provide chain safety. An SBOM gives visibility into software program substances and is a basis for understanding software program vulnerabilities and dangers,” Anchore wrote within the report.
The report additionally discovered that presently 76% of respondents are prioritizing software program provide chain safety.
Many corporations are having to make this a precedence as a part of their efforts to adjust to rules. In line with the report, organizations at the moment are having to adjust to a median of 4.9 rules and requirements, placing extra strain on them to get safety proper.
Of the businesses surveyed, greater than half have a cross-functional (51%) or totally devoted staff (8%) that works on provide chain safety.
Lastly, 77% of respondents are apprehensive about how embedded AI libraries will affect their software program provide chain safety.
For the survey, Anchore interviewed 106 leaders and practitioners which might be concerned in software program provide chain safety at their firm.