In the aftermath of Log4j day zero, new survey highlights that organizations plan to tighten software supply chain security in 2022 to protect against software exploits
SANTA BARBARA, Calif., January 19, 2022 /PRNewswire/ — Anchore today released its second annual Enterprise Software Supply Chain Security Practices Management Report. The 2022 Anchore Software Supply Chain Security Report compiles responses from 428 leaders and executives across IT, security, and development to identify the latest trends in how organizations are managing. adapt to new software supply chain security challenges.
The software security landscape is changing rapidly
The survey was carried out in December 2021, both before and after the publication of the zero-day Log4j vulnerability. The impact was seen immediately, with respondents surveyed after the Log4j incident being much more likely to report significant or moderate impacts from supply chain attacks.
In response to growing software supply chain concerns, 54% of respondents make software supply chain security an important or top priority in 2022. While 76% of large enterprises will increase their use of a Software Bill of Materials (SBOM) in 2022, data shows that SBOM practices need to mature to improve supply chain security. Only 18% of respondents have complete SBOMs for all of their applications, and less than a third follow SBOM best practices, such as maintaining an SBOM repository and requesting SBOMs from commercial vendors.
“The software security landscape is changing rapidly, and it’s important for business leaders to understand how critical proactive security is becoming,” said Josh Bresser, vice president of security at Anchore. “The data shows us that organizations are focusing on both open source and commercial software as part of their supply chain security efforts. The most important action now is to generate and store SBOMs for the software they create and use. This essential foundation provides visibility into the software components they depend on and monitors application security after deployment. With an SBOM, organizations will be ready to respond quickly to the next zero- day.
Highlights of the report include:
62% of all organizations were affected by software supply chain attacks in 2021. Technology companies were the most affected, with over 70% reporting attacks
As a result of these attacks, 54% said securing the software supply chain was a priority or important goal for 2022
70% of advanced container users identify software supply chain security as a priority or important goal.
Open source software security is at the center of supply chain security efforts, with 46% ranking it as a “Top 3” priority
Read the executive summary of the Anchore 2022 Software Supply Chain Security Report here or download the full report and associated charts here.
About the 2022 Anchore Software Supply Chain Security Report
This report compiles responses from 428 IT, security, and development leaders and executives to identify the latest trends in how large organizations are adapting to new software supply chain security challenges. As enterprises increasingly turn to cloud-native software, this report places particular emphasis on the platforms, tools, and processes used to secure the growing volume of software containers.
Anchore is a leader in software supply chain security and enables organizations to protect cloud-native applications against software supply chain attacks. Anchore technology incorporates continuous security and compliance checks into every step of the software development process to prevent security risks from reaching production. Large enterprises and government agencies use Anchore solutions to generate comprehensive software bills of materials, identify vulnerabilities, identify malware, and uncover unprotected credentials that can lead to hacks and ransomware. With an API-centric approach, Anchore solutions integrate with the tools developers already use to detect issues earlier, saving time and reducing the cost of remediating vulnerabilities. To find out more, visit www.ancre.com.
View original content to download multimedia: https://www.prnewswire.com/news-releases/anchore-report-shows-73-of-software-companies-and-62-of-large-enterprises-were-hit -by -software-supply-chain-attacks-in-2021-301463378.html