Software supply chain attacks have reached epidemic levels. In a 2023 study, 90 percent of IT professionals said their organizations had been affected by software supply chain threats in the past year. Additionally, 88 percent said these threats created risk for the entire organization. However, just 60 percent believe they have adequate defenses.
A Capterra report found that 50 percent of IT security professionals consider supply chain attacks to be an “extreme” or “high” threat. Another 41 percent say the risk is “moderate.”
Many supply chain threats come from open source software. The Capterra report notes that 94 percent of organizations use some form of open source software in their applications, with 57 percent using multiple open source platforms. A 2022 report from Sonatype found 88,000 malicious packages in open source software, a mind-boggling 742 percent increase over 2019.
Organizations can “immunize” themselves against this threat with proper DevSecOps practices. The key is to take control of open source code so that it goes through the same rigorous security checks as internal software.