Report: 64% of companies were affected by supply chain attacks, primarily due to increased reliance on OSS

The software industry's reliance on open source and the proliferation of open source software (OSS) dependencies have made supply chains a major security target. Last year, 64% of organizations were affected by software supply chain attacks, according to a recent report.

The report “Status of the Software Supply Chain in 2022” was produced by software and IoT solutions provider Revenera, using data from more than 100 Revenera Audit Service projects.

Awareness of open source usage is the first step in building and maintaining a successful open source management strategy, but nearly 70% of organizations do not have a company-wide policy for the proper use of open source.

In 2021, the Revenera audit team identified 12% more issues than the previous year, finding 2,200 issues per audit project compared to 1,959 in 2020. 61% of the scanned codebase files were open source, an increase of 6 percentage points from 2020.

Revenera also found a 7% increase in binaries compared to 2020. Binaries are more complex to audit than source code because they often combine intellectual property from multiple sources and consist of many configuration files.

Overall, software supply chain attacks increased by more than 300% in 2021 compared to 2020, according to Argon Security, which was recently acquired by Aqua Security. Revenera’s audit team discovered 282 security vulnerabilities per audit project, an increase of 217% compared to 2020. Twenty-seven percent of these vulnerabilities carry a “high” CVSS severity rating. Nevertheless, the level of security throughout the software development life cycle remains low.

However, some companies are trying to mitigate security risks through new regulations and software bills of materials (SBOMs).

Through organizations and regulations such as NIST, PCI, OpenChain, OWASP, MITRE, NHTSA, and GDPR, industry and markets are strengthening requirements aimed at discovering and tracking open source issues in the software supply chain, and continue to address its security risks.

A May presidential directive began prioritizing SBOMs, stating that software providers selling software to the federal government would need to provide an SBOM.

“As industry and governing bodies tighten governance requirements and more companies require SBOMs from software suppliers as part of the contract process to prove the security of their software supply chain, creating a complete and accurate inventory of what is included in the code is no longer the exception,” the report said.

Revenera suggested six steps to make the software supply chain more secure:

  1. “Understand how software pipelines are built and how software sources, components, and packages come into play.
  2. Create an exact SBOM with all subcomponents, hidden dependencies, and associated licenses.
  3. Shift vulnerability management and license compliance to the left to minimize and mitigate open source risk early in the DevOps lifecycle.
  4. Work with key stakeholders throughout the organization.
  5. Empower software developers by providing ongoing education on security vulnerabilities and license compliance management.
  6. Implement an SCA solution that identifies both security and license compliance issues in your code.”
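Steps 2 and 6 above are the ones a practitioner can mechanize. The script below is an added example for this article, not Revenera's report or its tooling: it walks a resolved dependency graph so that transitive (“hidden”) dependencies land in the inventory, emits a minimal CycloneDX 1.4 JSON SBOM, and then runs an SCA-style pass that flags denied licenses and advisories whose fix version is newer than the shipped version. The lockfile, the license deny-list and the advisory entry (placeholder id `EXAMPLE-ADV-0001`, not a real CVE) are all constructed for the example.

```python
"""Build a minimal CycloneDX-style SBOM from a constructed lockfile and run
SCA-style license and vulnerability checks over it (added example, not
Revenera's tooling; all inputs below are constructed)."""
import json
from collections import deque

# Constructed resolved dependency graph in the shape of a lockfile: each
# entry records the resolved version, declared license and what it requires.
# "tiny-log" is only reached transitively, i.e. a hidden dependency.
LOCKFILE = {
    "direct": ["web-router@2.1.0", "json-tools@1.4.2"],
    "packages": {
        "web-router@2.1.0": {"name": "web-router", "version": "2.1.0",
                             "license": "MIT", "requires": ["tiny-log@0.3.1"]},
        "json-tools@1.4.2": {"name": "json-tools", "version": "1.4.2",
                             "license": "Apache-2.0", "requires": ["tiny-log@0.3.1"]},
        "tiny-log@0.3.1": {"name": "tiny-log", "version": "0.3.1",
                           "license": "GPL-3.0-only", "requires": []},
    },
}

# Constructed policy: licenses the organisation has decided not to ship.
DENIED_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}

# Constructed advisory feed (placeholder id, not a real CVE): a package is
# affected when its shipped version is below "fixed_in".
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "name": "tiny-log", "fixed_in": "0.4.0", "severity": "high"},
]


def purl(name, version):
    """Package URL for an npm-style component, the identifier CycloneDX uses."""
    return f"pkg:npm/{name}@{version}"


def version_tuple(version):
    """Numeric comparison key for dotted versions ("0.3.1" < "0.4.0")."""
    return tuple(int(part) for part in version.split("."))


def resolve_components(lockfile):
    """Breadth-first walk from the direct dependencies, collecting every
    transitive package so hidden dependencies are not left out of the SBOM."""
    packages = lockfile["packages"]
    seen = {}
    queue = deque(lockfile["direct"])
    while queue:
        key = queue.popleft()
        if key in seen:
            continue
        seen[key] = packages[key]
        queue.extend(packages[key]["requires"])
    return seen


def build_sbom(lockfile):
    """Emit a minimal CycloneDX 1.4 JSON document: components plus the
    dependency graph between them."""
    resolved = resolve_components(lockfile)
    components, dependencies = [], []
    for pkg in resolved.values():
        ref = purl(pkg["name"], pkg["version"])
        components.append({"type": "library", "name": pkg["name"],
                           "version": pkg["version"], "purl": ref,
                           "licenses": [{"license": {"id": pkg["license"]}}]})
        dependencies.append({"ref": ref, "dependsOn": [
            purl(resolved[k]["name"], resolved[k]["version"]) for k in pkg["requires"]]})
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
            "components": components, "dependencies": dependencies}


def hidden_components(sbom, lockfile):
    """Components in the SBOM that are not declared as direct dependencies."""
    pkgs = lockfile["packages"]
    direct = {purl(pkgs[k]["name"], pkgs[k]["version"]) for k in lockfile["direct"]}
    return sorted(c["purl"] for c in sbom["components"] if c["purl"] not in direct)


def check_sbom(sbom, denied_licenses, advisories):
    """SCA-style pass: flag denied licenses and advisories whose fix version
    is above the shipped version. Returns a list of finding dicts."""
    findings = []
    by_name = {}
    for adv in advisories:
        by_name.setdefault(adv["name"], []).append(adv)
    for comp in sbom["components"]:
        for lic in comp["licenses"]:
            if lic["license"]["id"] in denied_licenses:
                findings.append({"component": comp["purl"], "kind": "license",
                                 "detail": lic["license"]["id"]})
        for adv in by_name.get(comp["name"], []):
            if version_tuple(comp["version"]) < version_tuple(adv["fixed_in"]):
                findings.append({"component": comp["purl"], "kind": "vulnerability",
                                 "detail": f'{adv["id"]} ({adv["severity"]})'})
    return findings


if __name__ == "__main__":
    bom = build_sbom(LOCKFILE)
    print(json.dumps(bom, indent=2))
    print("hidden dependencies:", hidden_components(bom, LOCKFILE))
    for finding in check_sbom(bom, DENIED_LICENSES, ADVISORIES):
        print(f"{finding['kind']:>13}: {finding['component']} -> {finding['detail']}")
```

Both findings land on `tiny-log`, which neither direct dependency's manifest mentions; that is the point of walking the resolved graph rather than the declared one. A production SCA tool would additionally match advisories by version ranges and ecosystem-specific purl types, but the shape of the check is the same.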
