In the aftermath of Log4j zero-day, a new survey highlights that organizations plan to boost software supply chain security in 2022 to protect against software exploits
Santa Barbara, Calif – January 19, 2022 – Anchore today released its second annual report of executive insights into managing enterprise software supply chain security practices. The Anchore 2022 Software Supply Chain Security Report compiles responses from 428 leaders and executives in IT, security and development roles to identify the latest trends on how organizations are adapting to new security challenges of the software supply chain.
The survey was conducted in December 2021, both before and after the Log4j zero-day vulnerability was published. The impact was seen immediately, with respondents surveyed after the Log4j incident being much more likely to report significant or moderate impacts from supply chain attacks.
In response to rising software supply chain concerns, 54% of respondents are making security of the software supply chain a significant or top focus in 2022. While 76% of large enterprises will increase their use of a software bill of materials (SBOM) in 2022, the data shows that SBOM practices must mature to improve supply chain security. Only 18% of respondents have complete SBOMs for all their applications and less than one third follow SBOM best practices like maintaining an SBOM repository and requesting SBOMs from commercial vendors.
“The software security landscape is changing rapidly and it’s important that enterprise leaders understand how critical proactively security is becoming,” said Josh Bressers, vice president of security at Anchore. “The data shows us that organizations are focused on both open source and commercial software as part of their supply chain security efforts. The most important action now is to generate and store SBOMs for the software they build and use. This critical foundation provides visibility into the software components they depend on and monitor for the security of applications post-deployment. With an SBOM, organizations will be ready to respond quickly to the next zero-day vulnerability.”
Highlights from the report include:
- 62% of all organizations were impacted by software supply chain attacks in 2021. Technology companies were the most affected, with over 70% reporting attacks
- As a result of these attacks, 54% indicated that securing the software supply chain is a top or significant focus for 2022
- 70% of advanced container users identify software supply chain security as a top or significant focus.
- Security of open source software is the top focus for supply chain security efforts with 46% ranking it as a “Top 3” priority
About the Anchore 2022 Software Supply Chain Security Report
This report compiles the responses of 428 leaders and executives in IT, Security, and Development to identify the latest trends on how large organizations are adapting to new security challenges of the software supply chain. As enterprises increasingly move to cloud-native software, this report includes a special focus on the platforms, tools and processes used to secure the growing volume of software containers.
Anchore is a leader in software supply chain security and enables organizations to protect cloud-native applications against software supply chain attacks. Anchore technology embeds continuous security and compliance checks at every stage of the software development process to prevent security risks from reaching production. Large enterprises and government agencies use Anchore solutions to generate a comprehensive software bill of materials, pinpoint vulnerabilities, identify malware and discover unprotected credentials that can lead to hacks and ransomware. With an API-centric approach, Anchore solutions integrate into the tools developers already use to detect issues earlier, saving time and lowering the cost to fix vulnerabilities. To learn more visit anchore.com.
Note to Editors:
- Data charts available for publication upon request
- Executive commentary available to accompany data