Report Shows Nine Out of 10 Companies Detected Significant Software Supply Chain Security Risks

Recent global research commissioned by ReversingLabs, a software supply chain security market leader, in collaboration with Dimensional Research, has revealed that organizations have been impacted by software supply chain security threats. The ReversingLabs Software Supply Chain Risk Survey shows that nearly 90 percent of technology professionals have detected significant risks in their software supply chain in the last year. What's more, over 70 percent of the respondents agree that current application security solutions aren't providing the necessary protections.


According to Mario Vuksan, CEO and Co-founder of ReversingLabs, organizations are becoming more aware of the undeniable risks that software supply chain threats present to their businesses. The study found that 96 percent of respondents agree that a comprehensive software supply chain security solution is important for detecting software threats beyond vulnerabilities. He added that the gaps in current application security tools mean that companies must explore software supply chain security options that enable them to securely release applications, safely procure software, and quickly identify and respond to threats.


The ReversingLabs Software Supply Chain Risk Survey, which surveyed over 300 global executives, technology, and security professionals, aimed to identify the sources of software supply chain security issues across internally developed, open source, third-party, and commercial software, as well as the frequency of these issues. The study also aimed to investigate the maturity of organizations' software supply chain security program, the tools currently used, and the perceived value of those tools in addressing the security of the software supply chain.


The study revealed that software supply chain issues pose a significant business risk. Nearly all respondents, 98 percent, recognized this, citing concerns that go beyond vulnerable code to include secrets exposures, tampering, and certificate misconfigurations. Almost nine out of 10 companies detected security or other software issues in their software supply chain in the last 12 months. Internally developed software, at 47 percent, is nearly tied with open source, at 49 percent, as the leading source of software issues, followed by commercial software, at 30 percent.


Despite the prevalence of software supply chain risks, the study found that most enterprises are ill-equipped to identify and mitigate those risks. The study found that only six out of 10 enterprises felt that their software supply chain defenses were up to the task. While acknowledging the issue, 80 percent of the respondents disclosed that their companies are directly focused on improving security for the software supply chain.


The study also revealed that traditional application security solutions, including software composition analysis (SCA), static application security testing (SAST), and dynamic application security testing (DAST), are ineffective at protecting companies from modern software supply chain threats. This finding was agreed on by 74 percent of the professionals surveyed. The study revealed that a dedicated software supply chain security (SSCS) solution is very important, enabling teams to securely control the release of software via the detection of software supply chain threats, malware, malicious behaviors, tampering, and secrets exposures.


To address these concerns, ReversingLabs has launched a comprehensive Software Supply Chain Security (SSCS) platform that goes beyond addressing vulnerabilities and license compliance issues in open source components. The SSCS platform inspects internally developed binaries as well as commercial and third-party code, identifies malware, malicious behaviors, misconfigured certificates, and evidence of tampering, and provides version differencing along with secrets detection and prioritization.


###