Open-source software is becoming an increasingly significant component of enterprise application code. However, this trend presents a new challenge for application security (AppSec) leaders and developers: the risk of these packages being weaponized by threat actors. Checkmarx’s global research report, the 2024 State of Software Supply Chain Security, sheds light on this issue. The study found that every large enterprise represented by the 900 AppSec professionals surveyed from the United States, Europe, and Asia-Pacific has fallen victim to a software supply chain attack.
The Urgency of Addressing Software Supply Chain Security
Amit Daniel, Chief Marketing Officer at Checkmarx, emphasizes the importance of this issue. He notes that software supply chain security is now a primary target for government regulatory and cybersecurity agencies and is a top concern for over half of the global enterprises surveyed. He stresses the need for CISOs and security leaders to help developers understand the new risks and secure their entire software supply chain.
Key Findings from the Survey
The survey revealed several key insights:
- 56% of respondents’ organizational applications are made up of open-source code packages.
- 75% of respondents expressed concern about software supply chain security.
- All organizations surveyed have experienced a software supply chain attack in the past, with 18% experiencing such an attack within the past year and 63% within the past two years.
- While software supply chain security is a priority for enterprise AppSec leaders, progress is slow. Only 57% said that software supply chain security was a top or significant area of focus, and just 54% are planning to use or are investigating the use of a solution.
The survey findings underscore the urgent need for organizations to bolster their defenses against software supply chain attacks.
