While the prevalence of software supply chain attacks just keeps getting worse every year, there appears to be a disconnect among leaders on the importance of securing these supply chains.
According to research from IDC, there was a 241% increase year-over-year in supply chain attacks, yet a new survey from JFrog had only 30% of respondents citing supply chain security as a top security concern.
The report also revealed disconnects between how leaders perceive the security of their organization versus the frontline software teams managing it. Ninety-two percent of executives believe their companies have tools to detect malicious open-source packages, compared to only 70% of developers. Similarly, 67% of executives think that code-level security scans are being regularly conducted, compared to only 41% of developers confirming they do this.
There’s a similar disconnect when it comes to AI/ML. Over 90% of executives said that their development teams were using ML models in their applications, but only 63% of developers say that’s true.
And 88% of executives think that AI tools are being used for security scanning, but only 60% of DevSecOps teams say they’re actually using AI-powered security tools.
“The complexity of today’s software supply chain poses unprecedented risks. Despite leadership efforts to enable frontline teams with the right tools, developers are struggling to improve efficiency and accelerate productivity due to tool sprawl, lengthy open source and ML model approvals, plus audit and compliance checks,” said Moran Ashkenazi, SVP & CISO, JFrog. “This discrepancy highlights the urgency for organizations to rethink their security strategies, focus more on AI/ML components, and align executives and doers on a mission to fortify their software supply chains.”