
Capterra reveals rise in software supply chain vulnerabilities

May 25, 2023 - TuxCare PR Team

According to a recent Capterra survey, an alarming 61% of U.S. organizations have suffered significant repercussions from software supply chain vulnerabilities in the last year, underlining the critical need for stronger security measures. The survey, which polled 271 IT and IT security specialists, set out to gauge American organizations' exposure to potential vulnerabilities in third-party software.

Concerns over the security of software supply chains have reached alarming levels, according to the survey conducted by Capterra, a subsidiary of analyst house Gartner. The findings showed that 50% of respondents rated the threat as either "high" or "extreme," while a further 41% considered it moderate. Open source software emerged as a major source of worry in the supply chain: 94% of U.S. companies now use some form of open source software, and over half of them (57%) rely on multiple open source platforms.

Highlighting the significance of these figures, Capterra analyst Zach Capers explained, “Most software platforms that are not fully open source include a lot of open source packages that developers leverage to speed up production.” This insight reveals that the extent of the problem may be far greater than initially perceived.

The threat posed by open source software is not a new revelation. Sonatype, a leading software supply chain automation company, reported an alarming 742% increase in supply chain malware detected in upstream open source packages between 2019 and 2022. Further highlighting the risk, the Linux Foundation found that the average application development project contains 49 vulnerabilities spread across 80 direct dependencies.

Capers pointed out that the proliferation of applications, commonly known as “app sprawl,” is exacerbating the cybersecurity risk in this domain. He disclosed that retailers who fell victim to cyber-attacks within the past two years were more than twice as likely to attribute their misfortune to app sprawl compared to those who remained unscathed (53% versus 22%).

To address these pressing challenges, Capers provided several recommendations. Firstly, organizations must focus on reducing app sprawl and establishing a formal risk assessment process for their software supply chain. Encouragingly, the survey indicated that 64% of businesses are already conducting such assessments. Additionally, implementing privileged access management, a practice employed by 61% of respondents, and deploying honeypots, a tactic embraced by 34%, were highlighted as effective measures to mitigate risks and bolster security in the software supply chain.

The sources for this piece include an article in InfoSecurityMagazine.
