Enterprise supply chain risks not being addressed

Although software supply chain breaches are increasing, a new study from JFrog finds that only 30 percent of respondents identified the need to address vulnerabilities in their software supply chain as a top security concern.

It also uncovers a disconnect between management and developers. 92 percent of executives claim their organizations possess tools to detect malicious open-source packages, while only 70 percent of developers think the same.

Over 90 percent of executives believe they are using ML models in their software applications, whereas only 63 percent of developers confirm that this is the case. Likewise, 88 percent of executives believe that AI/ML tools are being used for security scanning and remediation processes, yet only 60 percent of DevSecOps teams say they are actually using these tools.

The same is true of security scans: 67 percent of executives believe code-level security scans are conducted regularly, but only 41 percent of developers confirm this.

"The complexity of today's software supply chain poses unprecedented risks. Despite executives' efforts to equip frontline teams with the right tools, developers are struggling to improve efficiency and accelerate productivity due to security tool sprawl, lengthy open source software approvals, audit and compliance checks," says Paul Davis, field CISO at JFrog. "This discrepancy highlights the urgency for organizations to rethink their security strategies and take a collaborative approach amongst executives and operational teams to effectively fortify their software supply chains."

The report highlights regional differences too. Only 82 percent of EMEA respondents report using AI/ML models, compared with 91 percent in the US and 99 percent in Asia. 14 percent of EMEA respondents are unaware of tools for identifying malicious open-source packages, in contrast to lower rates in the US (nine percent) and Asia (one percent).

You can get the full report from the JFrog site.

Image credit: Chan2545/depositphotos.com

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.