This post is part of our 2023 cybersecurity prediction series.
Javed Hasan, CEO and Co-founder, Lineaje
In 2023, companies will realize that software that is not built securely cannot run securely. With more than 70% of modern software dependent on open source and third-party components, software developers cannot deliver secure software to customers without formal software supply chain management. This realization, and the increasing tampering of popular open source and commercial software packages, will drive an intense focus on ‘what’s in the software?’ and ‘how good is it?’
Software producers that focus on their software supply chain will deliver definitively better software, driving better business results and making innovative CPOs focus on their software supply chain.
CIOs & CISOs will realize that software producers with secure software supply chains deliver software that reduces risk, requires less emergency patching for vulnerabilities and is less likely to compromise their own companies. Evaluating the SBOMs of all software they procure will become a risk management and operational efficiency imperative.
Prashant Khandelwal, VP Product, Partner and GTM Success, Lineaje
I expect 2023 to be the year of education and awareness on what securing a software supply chain truly entails. Most people today only have a high-level view, or simply regurgitate what they've heard or read publicly, but they generally don't have the depth of knowledge to determine its significance or impact. I believe the industry will go through a phase of discovery and ‘enlightenment’ this year, which will hopefully result in a level of maturity as vendors evolve and adapt to secure their software supply chain.
Another trend in 2023 relates to how companies will comply with the DoD on “Improving the Nation’s Cybersecurity” and in particular “Enhancing the Security of the Software Supply Chain.” I expect the September 2023 deadline to be a wake-up call to software vendors affected by the guidance issued by the OMB to all federal agencies. Vendors will not only have to scramble to ensure their software is compliant with NIST guidelines, but also will need to provide self-attestation that is reliable and can be independently verified.
Monish Advani, Head of Product, Lineaje
2023 will be the year organizations take proactive steps to prevent reputational and financial damages caused by software supply chain security incidents. 2022 kicked off with talk of the Apache Log4J vulnerability, a widespread software supply chain weakness that allowed attackers to log a special string of code, exploit their target and install malware or conduct various cyberattacks from there. Its prominence shed light on the risk of utilizing third-party, open source software – and how few organizations have a proper inventory of what is actually in their software.
Throughout the year, the likes of Okta, Uber, Magento and more experienced supply chain incidents as well, showing that even the biggest names with the most sophisticated IT and security departments can fall victim. Unfortunately, these incidents come with a cost. According to IBM, the average cost of a breach increased from $4.24 million in 2021 to $4.35 million in 2022. They also can affect customers’ and prospects’ perception of a brand and their overall loyalty. This year, we expect to see more companies taking stock of their entire software catalog, which third parties and open source providers they are working with – and the potential risks associated with each aspect – in an effort to get ahead of these potential damages and build customer trust.