The survey highlights that 78% plan to increase their use of SBOMs. Compliance drives hardening the software supply chain as organizations must meet 4.9 government regulations and standards on average.
Santa Barbara, CA – November 7, 2024 - Anchore today released its third report of executive insights into managing software supply chain security practices. The Anchore 2024 Software Supply Chain Security Report found that 76% of respondents prioritize software supply chain security as the effects of software supply chain attacks intensify, while 21% of the victims of supply chain attacks reported a significant impact on their organization. As attacks like SolarWinds, XZ, and Log4j grow more sophisticated, the remediation expenses, risk of financial losses, and reputational damage are further heightened. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.
Visibility into Open Source Software Remains a Challenge
The survey shows that organizations need help to verify the security of open source and third party software. Only 1 in 5 respondents are confident that they fully understand all the components and dependencies in their software. As a result, 78% of organizations plan to increase their use of SBOMs in the next 18 months, with 32% planning to significantly increase SBOM use.
Compliance Emerges as a Key Driver in Software Supply Chain Security Initiatives
Survey respondents report compliance as a key driver of software supply chain security initiatives. With that, organizations now comply with an average of 4.9 regulations and standards, and 35% report a significant effort to comply with government regulations and standards.
Highlights of the report include:
- 76% say that software supply chain security is a significant or top priority.
- 59% of organizations have a cross-functional or dedicated team focused on software supply chain security.
- Only 21% are very confident they have visibility into all open source dependencies.
- 78% plan to increase their use of SBOMs in the next 18 months.
- 77% are concerned about the impact of embedded AI libraries on their software supply chain security.
“Mounting software supply chain risk is driving organizations to take action. This report shows a 200% increase in organizations making software supply chain security a top priority and growing use of SBOMs,” said Josh Bressers, vice president of security at Anchore. “While we’ve seen a lot of data highlighting the threat landscape, this survey offers a different perspective into the experiences and practices of the organizations that are the targets of software supply chain attacks. We’re able to see how organizations are responding internally to those threats.”
Read the executive summary of the Anchore 2024 Software Supply Chain Security Report here or download the full report and associated graphs here.
About the Anchore 2024 Software Supply Chain Security Report
This report provides a view of practices for securing the software supply chain as provided by 106 leaders and practitioners involved in software supply chain security. Their responses provide a unique perspective on current security practices and challenges from executives and practitioners within organizations. The survey was conducted during August and September 2024.
About Anchore
Anchore is a leader in software supply chain security and enables organizations to protect applications against attacks. Anchore technology embeds continuous security and compliance checks at every stage of the software development process. Large enterprises and government agencies use Anchore solutions to generate a comprehensive software bill of materials, pinpoint vulnerabilities, identify malware, and discover unprotected credentials that can lead to hacks and ransomware. With an API-centric approach, Anchore solutions integrate into the tools developers already use to detect issues earlier, saving time and lowering the cost to fix vulnerabilities.
To learn more visit www.anchore.com.
Media Contact:
Brandie Gerrish
[email protected]