While software supply chain attacks keep increasing every year, there appears to be a disconnect among leaders on the importance of securing those supply chains.
According to research from IDC, supply chain attacks rose 241% year-over-year, yet in a new survey from JFrog only 30% of respondents cited supply chain security as a top security concern.
The report also revealed disconnects between how leaders perceive the security of their organization versus the frontline software teams managing it. Ninety-two percent of executives believe their companies have tools to detect malicious open-source packages, compared to only 70% of developers. Similarly, 67% of executives think that code-level security scans are being regularly conducted, compared to only 41% of developers confirming they do this.
There is a similar disconnect when it comes to AI/ML. Over 90% of executives said that their development teams were using ML models in their applications, but only 63% of developers say that’s true.
And 88% of executives think that AI tools are being used for security scanning, but only 60% of DevSecOps teams say they are actually using AI-powered security tools.
“The complexity of today’s software supply chain poses unprecedented risks. Despite leadership efforts to enable frontline teams with the right equipment, developers are struggling to improve efficiency and accelerate productivity due to tool sprawl, lengthy open source and ML model approvals, plus audit and compliance checks,” said Moran Ashkenazi, SVP & CISO, JFrog. “This discrepancy highlights the urgency for organizations to rethink their security strategies, focus more on AI/ML components, and align executives and doers on a mission to fortify their software supply chains.”