Global Checkmarx Study Reveals 63% of Participating Organizations Have Fallen Victim to a Software Supply Chain Attack in Past Two Years
June 27, 2024 - 8:00PM
Business Wire (English)
50% of enterprise application security leaders
in the US, Europe and Asia-Pacific are actively seeking software
bills of materials (SBOMs) from vendors, but fewer than half know
how to effectively leverage them
As open source software grows to represent an ever-increasing
percentage of enterprise application code, application security
(AppSec) leaders and developers are challenged to mitigate the risk
of falling victim to the weaponization of such packages by threat
actors. Reporting on current open source AppSec practices and
problems, Checkmarx, the industry leader in cloud-native
application security for the enterprise, has released its global
research report, the 2024 State of Software Supply Chain Security.
Notably, the study found that 100% of the large enterprises
represented by the 900 AppSec professionals surveyed in the United
States, Europe and Asia-Pacific have been the victims of a software
supply chain attack at some point.
“Software supply chain security has become an active target of
government regulatory and cybersecurity agencies and is top of mind
for over half of global enterprises we surveyed,” said Amit Daniel,
Chief Marketing Officer at Checkmarx. “It’s critical for CISOs and
security leaders to make it easier for developers to understand the
new risks and secure their entire software supply chain.
‘Malicious’ is much more than vulnerable. We have seen more attacks
on the open source ecosystem in the last two years than ever before
with over 385,000 malicious packages detected to date by our own
Checkmarx security research team. That's why Checkmarx offers
capabilities in Checkmarx One to allow developers to seamlessly add
protection against such attacks."
The study revealed that:
- 56% of the applications in respondents' organizations are built
from open source code packages
- 75% of respondents said they were either very concerned (39%)
or concerned (36%) about software supply chain security
- While 100% of organizations have experienced a software supply
chain attack at some time in the past:
- 18% of respondents have been the victims of a software supply
chain attack within the past year
- 63% had been the victims of such an attack within the past two
years
While enterprise AppSec leaders surveyed are prioritizing
software supply chain security, progress is slow:
- 57% said that software supply chain security was a top or
significant area of focus
- 54% are planning to use or are investigating the use of a
solution
- 50% are actively requesting software bills of materials (SBOMs)
from their vendors
- Fewer than half of those seeking vendor SBOMs knew how to
leverage them effectively when needed
Methodology
In early 2024 Checkmarx commissioned a global research firm to
conduct a survey of 900 CISOs and application security
professionals in companies in North America, Europe and
Asia-Pacific with annual revenue of $750 million or more.
To review the 2024 State of Software Supply Chain Security
report, visit this page.
About Checkmarx
Checkmarx is the leader in application security and ensures that
enterprises worldwide can secure their application development from
code to cloud. Our consolidated platform and services address the
needs of enterprises by improving security and reducing TCO, while
simultaneously building trust between AppSec, developers, and
CISOs. At Checkmarx, we believe it’s not just about finding risk,
but remediating it across the entire application footprint and
software supply chain with one seamless process for all relevant
stakeholders. We are honored to serve more than 1,800 customers,
including 40 percent of all Fortune 100 companies.
Follow Checkmarx on LinkedIn, YouTube, and X.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240627921854/en/
Katie Brookes Merritt Group for Checkmarx
brookes@merrittgrp.com