More than half of enterprises worried about supply chain risks

Software supply chain risk has become mainstream, with 52 percent of respondents to a new survey being concerned about it.

The study from cybersecurity company Coalfire also finds 50 percent of boards of directors with software-buying companies are raising concerns, which means that responsibility for software supply chain risk is no longer confined to technical teams.

"With this first annual Software Supply Chain Risk report, our goal is to reveal how application security is adapting to industry disruption and adopting new technologies to secure the digital supply chain," says Coalfire’s CEO Tom McAndrew. "The data tells us that budgets and best practices are now top of mind for executive leadership and security teams, and there's no time to waste in achieving parity in today's competitive cloud environments."

Businesses are taking action, however, among software buyers nearly 60 percent have increased testing on third-party applications and 50 percent are purchasing new systems or new tooling. Two-thirds have implemented additional staff training budgets to help manage the deluge of application vulnerabilities.

There are plans to invest in software supply chain risk management, with over one-a third likely to allocate at least 10 percent of their application security budget to supply chain-specific processes. While 54 percent of organizations are re-focusing on the software development lifecycle.

"With 71 percent of respondents reporting that DevOps is now leading digital supply chain decision making, we've clearly reached a turning point in the evolution of security management," says Coalfire's vice president of product strategy Dan Cornell. "It's great news for software buyers as this shift will ultimately create stronger applications with fewer vulnerabilities."

The full report is available from the Coalfire site.

Photo credit: Sashkin / Shutterstock