Survey of Large Enterprises Shows 64 Percent Affected by a Software Supply Chain Attack in the Last Year

Debut survey of security and development leaders identifies trends in securing the software supply chain as containers become the common delivery model 

Santa Barbara, CA – June 17, 2021 – Today Anchore released its findings in the first report of executive insights into enterprise software supply chain practices, called the Anchore 2021 Software Supply Chain Security Report. As the leader in continuous security and compliance for cloud-native applications, Anchore is spearheading the enterprise-focused viewpoint of how to secure the software supply chain. The report includes insights gathered from large enterprises with at least 1,000 employees on supply chain attacks, container security, DevOps toolchains and the most popular container platforms. 

The report shows that containers are becoming a preferred delivery model, with 65% of respondents reporting a significant number of applications running in containers. While technology-focused industries lead the way in container adoption, traditional industries, such as healthcare and financial services, also report significant container use.

Containers make it easy to package software during development, but they commonly bring in multiple open source (OSS) or third-party dependencies as applications move through the DevOps pipeline, creating new software supply chain risks. In the survey, 38 percent of advanced container users indicated that they see containerized applications as riskier than traditional applications. As a result, technical leaders ranked open source security and gaining a full understanding of the software bill of materials as top challenges.

“This report highlights that 60% of respondents have made securing the software supply chain a top initiative for 2022,” said Dan Nurmi, CTO and Co-Founder of Anchore. “This is critical as software supply chain attacks rise in frequency and intent. It’s an important reminder that now is the time for IT leaders, security executives and members of the C-suite to empower their teams to implement new practices and tools that secure the software supply chain.” 

Highlights from the report include:

  • 84% of respondents plan to increase container use and 29% will increase container use significantly 
  • While many organizations are scanning containers, most report challenges in identifying vulnerabilities (86%), too many false positives (77%), and getting developers to spend time remediating issues (77%)
  • Top initiatives are increasing container use (63%) and improving supply chain security (60%)

The full report with data findings and associated graphs is available here.

About the Anchore 2021 Software Supply Chain Security Report

This report compiles the responses of 425 IT, Security, and DevOps leaders to identify the latest trends on how large organizations are adapting to these new security challenges of the software supply chain. As enterprises increasingly move to cloud-native software, this report includes a special focus on the platforms, tools and processes used to secure the growing volume of software containers. 

About Anchore

Anchore accelerates the development of secure and compliant cloud-native applications with solutions that enable software supply chain security, from vulnerability scans to generating a software bill of materials. Anchore’s container security solutions seamlessly embed into the DevOps toolchain with continuous security and compliance checks early in the software development process. From sourcing to CI/CD pipelines to production, Anchore’s solutions protect the software supply chain and prevent container security risks from reaching production. Using Anchore as part of the DevSecOps toolchain creates a reliable way to detect issues earlier, save developers time and lower the cost to fix vulnerabilities. Built with an open source foundation, Anchore solutions provide transparency into source code and the benefit of peer reviews.

Anchore customers include large enterprises and government agencies that require secure and compliant cloud-native applications. To learn more about Anchore’s solutions, visit www.Anchore.com.