Supply chains are attracting the interest of cyber crooks and Synopsys Software Integrity Group says firms are stepping up security.
The Synopsys report found software supply chain attacks had seen 73 percent of respondents increasing efforts to strengthen security. This included greater adoption of multifactor authentication, getting security testing controls, improving asset discovery and updating the surface inventory.
Even with those investments, a third said applications had been exploited due to a known vulnerability in open source software.
Open source software has been a supply chain concern , but there are fears that other areas could be avenues for attackers, including cloud app development and application programming interfaces (APIs).
General manager of the Synopsys Software Integrity Group general manager Jason Schmitt said: “As organisations are witnessing the level of potential impact that a software supply chain security vulnerability or breach can have on their business through high-profile headlines, the prioritisation of a proactive security strategy is now a foundational business imperative.”
“While managing open source risk is a critical component of managing software supply chain risk in cloud-native applications, we must also recognise that the risk extends beyond open source components”, he added.
“Infrastructure-as-code, containers, APIs, code repositories – the list goes on and on, and must all be accounted for to ensure a holistic approach to software supply chain security.”