Capterra reveals rise in software supply chain vulnerabilities
According to a recent Capterra survey, an alarming 61% of U.S. organizations have suffered significant repercussions as a result of software supply chain vulnerabilities in the last year, underlining the critical need for increased security measures. The survey, which polled 271 IT and IT security specialists, set out to gauge American organizations’ exposure to potential vulnerabilities in third-party software.
Concerns over the security of software supply chains have reached alarming levels, according to a recent survey conducted by Capterra, a subsidiary of renowned analyst house Gartner. The findings unveiled that a staggering 50% of respondents rated the threat to be either “high” or “extreme,” while an additional 41% considered it to be moderate. Open source software emerged as a major source of worry in the supply chain, with 94% of US companies now utilizing some form of open source software, and over half of them (57%) relying on multiple open source platforms.
Highlighting the significance of these figures, Capterra analyst Zach Capers explained, “Most software platforms that are not fully open source include a lot of open source packages that developers leverage to speed up production.” This insight reveals that the extent of the problem may be far greater than initially perceived.
The threat posed by open source software is not a new revelation. Sonatype, a leading software supply chain automation company, reported an alarming 742% increase in supply chain malware detected in upstream open source packages between 2019 and 2022. Further highlighting the risk, the Linux Foundation found that the average application development project contains 49 vulnerabilities spread across 80 direct dependencies.
Capers pointed out that the proliferation of applications, commonly known as “app sprawl,” is exacerbating the cybersecurity risk in this domain. He disclosed that retailers who fell victim to cyber-attacks within the past two years were more than twice as likely to attribute their misfortune to app sprawl compared to those who remained unscathed (53% versus 22%).
To address these pressing challenges, Capers provided several recommendations. Firstly, organizations must focus on reducing app sprawl and establishing a formal risk assessment process for their software supply chain. Encouragingly, the survey indicated that 64% of businesses are already conducting such assessments. Additionally, implementing privileged access management, a practice employed by 61% of respondents, and deploying honeypots, a tactic embraced by 34%, were highlighted as effective measures to mitigate risks and bolster security in the software supply chain.
The sources for this piece include an article in InfoSecurityMagazine.